MidnightBSD

Advisories for brickom

CVE-2013-3689 HIGH

Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which allow remote attackers to obtain sensitive information (user names, passwords, and configurations) via a get action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
brickom md-100ap -
brickom ob-100ae -
brickom wfb-100ap -
brickom osd-040e -
brickom wcb-100ap -
brickom fb-100ap -
brickom 100ap_device_firmware *
CVE-2013-3690 MEDIUM

Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add users.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
brickom 100ap_device_firmware 3.1.0.8
brickom md-100ap -
brickom ob-100ae -
brickom wfb-100ap -
brickom osd-040e -
brickom wcb-100ap -
brickom fb-100ap -