CVE-2013-3691

HIGH

AirLive POE-2600HD Firmware - Denial of Service via Long URL

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3691. PoCs published by Sánchez_ Lopez_ Castillo.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Airlive cameras, including CSRF, path traversal, information exposure, and a DoS attack via overbuffing the root path. The PoC includes specific URLs and a Python script to trigger the DoS condition.

Description

AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL.

Exploits (1)

exploitdb WORKING POC

by Sánchez_ Lopez_ Castillo · textwebappshardware

https://www.exploit-db.com/exploits/26174

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in Airlive cameras, including CSRF, path traversal, information exposure, and a DoS attack via overbuffing the root path. The PoC includes specific URLs and a Python script to trigger the DoS condition.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Airlive WL2600CAM, POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1499 - Endpoint Denial of Service T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Mailing List, Third Party Advisory x_refsource_misc

http://seclists.org/fulldisclosure/2013/Jun/84

Exploit, Third Party Advisory x_refsource_misc

https://www.youtube.com/watch?v=2UCAHSVqfuE

Scores

CVSS v3 7.5

EPSS 0.0390

EPSS Percentile 88.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-400

Status published

Products (1)

ovislink/airlive_poe2600hd_firmware

Published Dec 11, 2019

Tracked Since Feb 18, 2026