CVE-2013-2579 - Vulnerability Details - OpenCVE

TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tp-link	Lm Firmware Tl-sc3130 Tl-sc3130g Tl-sc3171 Tl-sc3171g

Configuration 1 [-]

AND

OR	cpe:2.3:h:tp-link:tl-sc3130:-:::::::*
	cpe:2.3:h:tp-link:tl-sc3130g:-:::::::*
	cpe:2.3:h:tp-link:tl-sc3171:-:::::::*
	cpe:2.3:h:tp-link:tl-sc3171g:-:::::::*

cpe:2.3:o:tp-link:lm_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.coresecurity.com/advisories/multiple-vulnerabilities-tp-link-tl-sc3171-ip-cameras

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-10-11T21:00:00Z

Updated: 2024-09-17T00:37:09.224Z

Reserved: 2013-03-15T00:00:00Z

Link: CVE-2013-2579

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-10-11T21:55:44.167

Modified: 2024-11-21T01:51:59.583

Link: CVE-2013-2579

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded \"qmik\" account, which allows remote attackers to obtain administrative access via a TELNET session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-10-11T21:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.coresecurity.com/advisories/multiple-vulnerabilities-tp-link-tl-sc3171-ip-cameras"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2579", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded \"qmik\" account, which allows remote attackers to obtain administrative access via a TELNET session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.coresecurity.com/advisories/multiple-vulnerabilities-tp-link-tl-sc3171-ip-cameras", "refsource": "MISC", "url": "http://www.coresecurity.com/advisories/multiple-vulnerabilities-tp-link-tl-sc3171-ip-cameras"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:44:32.206Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.coresecurity.com/advisories/multiple-vulnerabilities-tp-link-tl-sc3171-ip-cameras"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2579", "datePublished": "2013-10-11T21:00:00Z", "dateReserved": "2013-03-15T00:00:00Z", "dateUpdated": "2024-09-17T00:37:09.224Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-sc3130:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A687292-110A-44B6-91E0-0FA9AA954D1B", "vulnerable": true}, {"criteria": "cpe:2.3:h:tp-link:tl-sc3130g:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDCDA0C1-4A25-4BD6-8F8C-875D488295CB", "vulnerable": true}, {"criteria": "cpe:2.3:h:tp-link:tl-sc3171:-:*:*:*:*:*:*:*", "matchCriteriaId": "9DC0738C-300C-4CD4-BB93-AECC15356CB1", "vulnerable": true}, {"criteria": "cpe:2.3:h:tp-link:tl-sc3171g:-:*:*:*:*:*:*:*", "matchCriteriaId": "51BA2347-A4EC-45DF-B05A-7806E62FEC3B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:lm_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AA9253C-5276-49A9-9097-D9B137829FE8", "versionEndIncluding": "1.6.18p12_sign5", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded \"qmik\" account, which allows remote attackers to obtain administrative access via a TELNET session."}, {"lang": "es", "value": "Las c\u00e1maras IP TP-Link TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, y posiblemente otros modelos anteriores al firmware beta LM.1.6.18P12_sign6 tienen una contrase\u00f1a vac\u00eda para la cuenta incrustada en el c\u00f3digo \"qmik\", lo que permite a atacantes remotos obtener acceso administrativo a trav\u00e9s de una sesion TELNET."}], "id": "CVE-2013-2579", "lastModified": "2024-11-21T01:51:59.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-11T21:55:44.167", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.coresecurity.com/advisories/multiple-vulnerabilities-tp-link-tl-sc3171-ip-cameras"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.coresecurity.com/advisories/multiple-vulnerabilities-tp-link-tl-sc3171-ip-cameras"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}