{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which allow remote attackers to obtain sensitive information (user names, passwords, and configurations) via a get action."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:14:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20130612 Security Analysis of IP video surveillance cameras", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2013/Jun/84"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3689", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which allow remote attackers to obtain sensitive information (user names, passwords, and configurations) via a get action."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20130612 Security Analysis of IP video surveillance cameras", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2013/Jun/84"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3689", "datePublished": "2022-10-03T16:14:45", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:14:45", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:brickom:100ap_device_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B920D75-98F5-4EE3-A867-BEA9699127D7", "versionEndIncluding": "3.0.6.16c1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:brickom:fb-100ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A458982-22F6-4637-87F3-C4AB9A08CEB9", "vulnerable": true}, {"criteria": "cpe:2.3:h:brickom:md-100ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "5A11EA2A-225D-4A48-B387-D47AE4967AA5", "vulnerable": true}, {"criteria": "cpe:2.3:h:brickom:ob-100ae:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFDD3960-F8A0-493B-8C16-3A3A4192A0E3", "vulnerable": true}, {"criteria": "cpe:2.3:h:brickom:osd-040e:-:*:*:*:*:*:*:*", "matchCriteriaId": "F24E61C0-A910-4A0E-9B6C-FFCE6792CF77", "vulnerable": true}, {"criteria": "cpe:2.3:h:brickom:wcb-100ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "C61EFCAD-7876-4CB2-937B-565206C44C25", "vulnerable": true}, {"criteria": "cpe:2.3:h:brickom:wfb-100ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "5A2DBA19-9BE5-456D-AFF6-81767F7EDD2D", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which allow remote attackers to obtain sensitive information (user names, passwords, and configurations) via a get action."}, {"lang": "es", "value": "Brickcom FB-100AP, WCB-100AP, MD-100AP, WFB-100AP, OB-100Ae, OSD-040E, y posiblemente otros modelos de c\u00e1maras con firmware 3.0.6.16C1 y anteriores, no limitan adecuadamente el acceso a configfile.dump, que permite a atacantes remotos obtener informaci\u00f3n sensible (nombres de usuario, contrase\u00f1as y configuraciones) a trav\u00e9s de una acci\u00f3n get."}], "id": "CVE-2013-3689", "lastModified": "2013-10-07T15:38:46.983", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-04T23:55:03.970", "references": [{"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2013/Jun/84"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}