CVE-2013-3690

Brickcom 100Ap Device Firmware <= 3.1.0.8 - Cross-Site Request Forgery in User Management


Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3690. PoCs published by Castillo.

AI-analyzed exploit summary: This exploit demonstrates a CSRF vulnerability in Brickcom IP cameras, allowing an attacker to add a new admin user via a crafted HTML form. The PoC submits a POST request to the vulnerable endpoint; the attacker needs no credentials of their own, because the request is sent from the browser of an administrator who visits the page.

Description

Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add users.

Exploits (1)

exploitdb · Working PoC · Verified
by Castillo · html · remote · hardware
https://www.exploit-db.com/exploits/38582


Classification: Working PoC (90%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Brickcom IP cameras (firmware 3.0.6.7, 3.0.6.12, 3.0.6.16C1)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit
Analyzed by devstral-2 on Feb 16, 2026

References (1)

Core References
Mailing list (tags: mailing-list, x_refsource_fulldisc)
http://seclists.org/fulldisclosure/2013/Jun/84

Scores

EPSS 0.1238
EPSS Percentile 95.7%

Details

CWE: CWE-352
Status: published
Products (7)
brickcom/100ap_device_firmware 3.1.0.8
brickcom/fb-100ap
brickcom/md-100ap
brickcom/ob-100ae
brickcom/osd-040e
brickcom/wcb-100ap
brickcom/wfb-100ap
Published Oct 01, 2013
Tracked Since Feb 18, 2026