CVE-2013-3539
CVE-2013-3539 is a medium-severity vulnerability in Ovislink Airlive Wl2600cam with a CVSS 2.0 base score of 6.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-352.
Key facts
- Severity: Medium (CVSS 2.0 base score 6.8)
- EPSS exploit prediction: 9% (95th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-352
- Affected product: Ovislink Airlive Wl2600cam
- Published:
- Last modified:
Description
Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.
Frequently asked questions
- What is CVE-2013-3539?
- Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.
- How severe is CVE-2013-3539?
- CVE-2013-3539 has a CVSS 2.0 base score of 6.8, rated medium severity.
- Is CVE-2013-3539 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 9% (95th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2013-3539?
- CVE-2013-3539 primarily affects Ovislink Airlive Wl2600cam. In total, 11 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2013-3539?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2013-3539 published?
- CVE-2013-3539 was published on 2013-10-01 and last updated on 2026-06-16.
References
Affected products (11)
- cpe:2.3:h:ovislink:airlive_wl2600cam:-:*:*:*:*:*:*:*
- cpe:2.3:h:sony:snc_ch140:-:*:*:*:*:*:*:*
- cpe:2.3:h:sony:snc_ch180:-:*:*:*:*:*:*:*
- cpe:2.3:h:sony:snc_ch240:-:*:*:*:*:*:*:*
- cpe:2.3:h:sony:snc_ch280:-:*:*:*:*:*:*:*
- cpe:2.3:h:sony:snc_dh140:-:*:*:*:*:*:*:*
- cpe:2.3:h:sony:snc_dh140t:-:*:*:*:*:*:*:*
- cpe:2.3:h:sony:snc_dh180:-:*:*:*:*:*:*:*
- cpe:2.3:h:sony:snc_dh240:-:*:*:*:*:*:*:*
- cpe:2.3:h:sony:snc_dh240t:-:*:*:*:*:*:*:*
- cpe:2.3:h:sony:snc_dh280:-:*:*:*:*:*:*:*
More vulnerabilities in Ovislink Airlive Wl2600cam
- CVE-2013-3686 — Critical (CVSS 10.0): cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera models allows remote attackers to obtain the…
- CVE-2013-3541 — High (CVSS 7.8): Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models…
All CVEs affecting Ovislink Airlive Wl2600cam →
Other CWE-352 (Cross-Site Request Forgery (CSRF)) vulnerabilities
- CVE-2025-32642 — Critical (CVSS 10.0): Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon vite-coupon allows Remote Code Inclusion.This…
- CVE-2025-23922 — Critical (CVSS 10.0): Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder embed-ispring allows Upload a Web Shell to a…
- CVE-2017-5145 — Critical (CVSS 10.0): An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware…
- CVE-2019-25729 — Critical (CVSS 9.8): PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute…
- CVE-2025-48340 — Critical (CVSS 9.8): Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager user-profile-meta allows…
- CVE-2025-2907 — Critical (CVSS 9.8): The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing…
Browse all CWE-352 (Cross-Site Request Forgery (CSRF)) vulnerabilities →