CVE-2013-1601
Description
An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03, which could let a malicious user obtain sensitive information. which could let a malicious user obtain sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
D-Link camera models fail to restrict access to lums.cgi, allowing unauthenticated disclosure of live video streams.
Vulnerability
An information disclosure vulnerability exists in the lums.cgi script of multiple D-Link camera models. The script does not properly restrict access when processing a live video stream, allowing unauthenticated remote attackers to obtain sensitive video data. Affected models include WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 [1].
Exploitation
An attacker with network access to the affected camera can directly request the lums.cgi script without any authentication. No special privileges or user interaction is required. The attacker simply sends an HTTP request to the camera's IP address targeting the lums.cgi endpoint, which then returns the live video stream data.
Impact
Successful exploitation results in unauthorized disclosure of the live video stream from the camera. This compromises the confidentiality of the video feed, potentially exposing sensitive visual information to an external party. The attacker gains the ability to view the camera's live footage without any authentication.
Mitigation
No official fix has been identified in the available references [1]. Users should consider upgrading to a supported camera model or implementing network-level access controls, such as restricting access to the camera's web interface to trusted IP addresses only. As of the publication date, this vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- D-LINK/WCS-1100description
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.securityfocus.com/bid/59570mitrex_refsource_MISC
- exchange.xforce.ibmcloud.com/vulnerabilities/83939mitrex_refsource_MISC
- packetstormsecurity.com/files/cve/CVE-2013-1601mitrex_refsource_MISC
- vuldb.commitrex_refsource_MISC
- www.coresecurity.com/advisories/d-link-ip-cameras-multiple-vulnerabilitiesmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.