CVE-2013-3539

Ovislink Airlive Wl2600cam - CSRF

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3539. PoCs published by Castillo.

AI-analyzed exploit summary This HTML-based PoC exploits a CSRF vulnerability in Sony CH and DH series IP cameras by submitting a crafted form to modify user credentials and authentication settings without user interaction.

Description

Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Castillo · htmlremotehardware

https://www.exploit-db.com/exploits/38583

View Code ZIP pw:eip

This HTML-based PoC exploits a CSRF vulnerability in Sony CH and DH series IP cameras by submitting a crafted form to modify user credentials and authentication settings without user interaction.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Sony CH/DH series IP cameras (SNCCH140, SNCCH180, SNCCH240, SNCCH280, SNCDH140, SNCDH140T, SNCDH180, SNCDH240, SNCDH240T, SNCDH280)

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting this PoC

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2013/Jun/84

Scores

EPSS 0.0630

EPSS Percentile 92.7%

Details

CWE

CWE-352

Status published

Products (11)

ovislink/airlive_wl2600cam

sony/snc_ch140

sony/snc_ch180

sony/snc_ch240

sony/snc_ch280

sony/snc_dh140

sony/snc_dh140t

sony/snc_dh180

sony/snc_dh240

sony/snc_dh240t

... and 1 more

Published Oct 01, 2013

Tracked Since Feb 18, 2026