CVE-2013-3689

Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which allow remote attackers to obtain sensitive information (user names, passwords, and configurations) via a get action.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://seclists.org/fulldisclosure/2013/Jun/84
http://seclists.org/fulldisclosure/2013/Jun/84

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:brickcom:100ap_device_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:brickcom:fb-100ap:-:::::::*
	cpe:2.3:h:brickcom:md-100ap:-:::::::*
	cpe:2.3:h:brickcom:ob-100ae:-:::::::*
	cpe:2.3:h:brickcom:osd-040e:-:::::::*
	cpe:2.3:h:brickcom:wcb-100ap:-:::::::*
	cpe:2.3:h:brickcom:wfb-100ap:-:::::::*

History

04 Mar 2025, 19:48

Type	Values Removed	Values Added
CPE	cpe:2.3:h:brickom:md-100ap:-:::::::* cpe:2.3:h:brickom:fb-100ap:-:::::::* cpe:2.3:h:brickom:wfb-100ap:-:::::::* cpe:2.3:h:brickom:wcb-100ap:-:::::::* cpe:2.3:o:brickom:100ap_device_firmware:::::::: cpe:2.3:h:brickom:ob-100ae:-:::::::* cpe:2.3:h:brickom:osd-040e:-:::::::*	cpe:2.3:h:brickcom:ob-100ae:-:::::::* cpe:2.3:h:brickcom:fb-100ap:-:::::::* cpe:2.3:h:brickcom:osd-040e:-:::::::* cpe:2.3:h:brickcom:wcb-100ap:-:::::::* cpe:2.3:h:brickcom:md-100ap:-:::::::* cpe:2.3:o:brickcom:100ap_device_firmware:::::::: cpe:2.3:h:brickcom:wfb-100ap:-:::::::*
First Time		Brickcom md-100ap Brickcom ob-100ae Brickcom wcb-100ap Brickcom osd-040e Brickcom fb-100ap Brickcom wfb-100ap Brickcom 100ap Device Firmware Brickcom

Information

Published : 2013-10-04 23:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-3689

Mitre link : CVE-2013-3689

CVE.ORG link : CVE-2013-3689

JSON object : View

Products Affected

brickcom

100ap_device_firmware
fb-100ap
wfb-100ap
ob-100ae
md-100ap
osd-040e
wcb-100ap

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-3689", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-04T23:55:03.970", "references": [{"url": "http://seclists.org/fulldisclosure/2013/Jun/84", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2013/Jun/84", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which allow remote attackers to obtain sensitive information (user names, passwords, and configurations) via a get action."}, {"lang": "es", "value": "Brickcom FB-100AP, WCB-100AP, MD-100AP, WFB-100AP, OB-100Ae, OSD-040E, y posiblemente otros modelos de c\u00e1maras con firmware 3.0.6.16C1 y anteriores, no limitan adecuadamente el acceso a configfile.dump, que permite a atacantes remotos obtener informaci\u00f3n sensible (nombres de usuario, contrase\u00f1as y configuraciones) a trav\u00e9s de una acci\u00f3n get."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:brickcom:100ap_device_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B92EEBC-BD88-4F6F-A0F5-9B90F0E80F9C", "versionEndIncluding": "3.0.6.16c1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:brickcom:fb-100ap:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8793329F-0144-40FB-A2C5-AC5F8E3A2DAF"}, {"criteria": "cpe:2.3:h:brickcom:md-100ap:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7272E6B1-E94B-463E-843B-DCD5448718B5"}, {"criteria": "cpe:2.3:h:brickcom:ob-100ae:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8DC5FA0-0BD5-41A3-8924-AC775728A763"}, {"criteria": "cpe:2.3:h:brickcom:osd-040e:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BDD54A2-36B9-4A17-8C2D-A0CCB9CD5379"}, {"criteria": "cpe:2.3:h:brickcom:wcb-100ap:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A2CF165-23AA-4C7D-9D8F-3A225CAB3193"}, {"criteria": "cpe:2.3:h:brickcom:wfb-100ap:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9DD4683-503D-4F23-A9D3-531A04207E37"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}