CVE-2013-3311

HIGH

Loftek Nexus 543 Firmware - Unauthenticated Path Traversal via URL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3311. PoCs published by Craig Young.

AI-analyzed exploit summary The exploit consists of three parts: a CSRF PoC to reset credentials, a script to dump kernel memory via path traversal (CVE-2013-3311), and a script to retrieve WiFi credentials via path traversal (CVE-2013-3314). The latter two scripts use curl to fetch sensitive files from the Loftek Nexus 543 IP camera.

Description

Directory traversal vulnerability in the Loftek Nexus 543 IP Camera allows remote attackers to read arbitrary files via a .. (dot dot) in the URL of an HTTP GET request.

Exploits (1)

exploitdb WORKING POC
by Craig Young · textwebappshardware
https://www.exploit-db.com/exploits/27878

The exploit consists of three parts: a CSRF PoC to reset credentials, a script to dump kernel memory via path traversal (CVE-2013-3311), and a script to retrieve WiFi credentials via path traversal (CVE-2013-3314). The latter two scripts use curl to fetch sensitive files from the Loftek Nexus 543 IP camera.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Loftek Nexus 543 IP Camera
No auth needed
Prerequisites: Network access to the target IP camera
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/27878
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/61970

Scores

CVSS v3 7.5
EPSS 0.0372
EPSS Percentile 88.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
loftek/nexus_543_firmware
Published Nov 21, 2019
Tracked Since Feb 18, 2026