Intrusion Prevention

Airlive.IP.Camera.usrgrp.CGI.CSRF

Description

This indicates an attack attempt against a Cross-site request forgery (CSRF) vulnerability in Airlive Ip Camera.
This issue is caused by an error when handling the add action requests sent to /cgi-bin/admin/usrgrp.cgi. It allows a remote attacker to create an alternative user with administration credentials on vulnerable systems via a crafted http request.

Affected Products

AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD

Impact

Information Disclosure: Remote attacker can gain sensitive information from vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

CVE References

CVE-2013-3540