CVE-2013-1602
Description
An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US, DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2013-1602 is an authentication cookie validation flaw in multiple D-Link cameras that allows unauthenticated access to RTSP video streams.
Vulnerability
CVE-2013-1602 is a vulnerability in the RTSP session handling of numerous D-Link network cameras. The affected devices do not properly validate authentication cookies for RTSP sessions. This allows an attacker to bypass authentication and access video streams without valid credentials. The vulnerability affects the following models and firmware versions: DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US, DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02 [1].
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted RTSP request to the affected camera, bypassing the need for a valid authentication cookie. No prior authentication or special network position is required beyond network access to the device. The attacker can then directly request the video stream from the camera [1].
Impact
Successful exploitation allows an attacker to obtain unauthorized access to the live video stream from the camera. This is a confidentiality breach, exposing potentially sensitive visual information that the camera monitors. The attacker does not gain administrative control over the device, but can view the camera's feed undetected [1].
Mitigation
D-Link has not released a security advisory or firmware patches for these models to address CVE-2013-1602. At least some of the affected models are end-of-life and may not receive updates. Users are advised to ensure the cameras are not directly exposed to the internet and to use network segmentation and firewall rules to restrict access to the RTSP port [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Count: 15
- D-Link/DCS-5635
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/59569 (mitre, x_refsource_MISC)
- exchange.xforce.ibmcloud.com/vulnerabilities/83942 (mitre, x_refsource_MISC)
- packetstormsecurity.com/files/cve/CVE-2013-1602 (mitre, x_refsource_MISC)
- www.coresecurity.com/advisories/d-link-ip-cameras-multiple-vulnerabilities (mitre, x_refsource_MISC)