CVE-2013-1599

A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface.

Published: Jan 28, 2020
Updated: Apr 13, 2023
CVE: CVE-2013-1599
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
dlink / dcs-3411_firmware	1.02	1.02.x
dlink / dcs-3430_firmware	1.02	1.02.x
dlink / dcs-5605_firmware	1.01	1.01.x
dlink / dcs-5635_firmware	1.01	1.01.x
dlink / dcs-1100l_firmware	1.04	1.04.x
dlink / dcs-1130l_firmware	1.04	1.04.x
dlink / dcs-1100_firmware	1.03	1.03.x
dlink / dcs-1100_firmware	1.04	1.04.x
dlink / dcs-1130_firmware	1.03	1.03.x
dlink / dcs-1130_firmware	1.04	1.04.x
dlink / dcs-2102_firmware	1.05	1.05.x
dlink / dcs-2121_firmware	1.05	1.05.x
dlink / dcs-3410_firmware	1.02	1.02.x
dlink / dcs-5230_firmware	1.02	1.02.x
dlink / dcs-5230l_firmware	1.02	1.02.x
dlink / dcs-6410_firmware	1.00	1.00.x
dlink / dcs-7410_firmware	1.00	1.00.x
dlink / dcs-7510_firmware	1.00	1.00.x
dlink / wcs-1100_firmware	1.00	1.00.x

Vulnerability Database

289,697

CVE-2013-1599