Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) passwords or (2) firewall configuration, as demonstrated by a request to set_users.cgi.
Exploits (1)
exploitdb
WORKING POC
by Craig Young · textwebappshardware
https://www.exploit-db.com/exploits/27878
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
http://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-who-is-watching-your-ip-camera
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/27878
Scores
CVSS v3
8.8
EPSS
0.0018
EPSS Percentile
39.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
loftek/nexus_543_firmware
Published
Nov 21, 2019
Tracked Since
Feb 18, 2026