CVE-2013-1599

Name of the Vulnerable Software and Affected Versions: D-Link IP Cameras DCS-3411/3430 version 1.02 D-Link IP Cameras DCS-5605/5635 version 1.01 D-Link IP Cameras DCS-1100L/1130L version 1.04 D-Link IP Cameras DCS-1100/1130 version 1.03 D-Link IP Cameras DCS-1100/1130 version 1.04 US D-Link IP Cameras DCS-2102/2121 version 1.05 RU D-Link IP Cameras DCS-3410 version 1.02 D-Link IP Cameras DCS-5230 version 1.02 D-Link IP Cameras DCS-5230L version 1.02 D-Link IP Cameras DCS-6410 version 1.00 D-Link IP Cameras DCS-7410 version 1.00 D-Link IP Cameras DCS-7510 version 1.00 D-Link IP Cameras WCS-1100 version 1.02

Description: A Command Injection issue exists in the /var/www/cgi-bin/rtpd.cgi script, which could let a remote malicious user execute arbitrary commands through the camera’s web interface.

Recommendations: For D-Link IP Cameras DCS-3411/3430 version 1.02, consider disabling the /var/www/cgi-bin/rtpd.cgi script until a patch is available. For D-Link IP Cameras DCS-5605/5635 version 1.01, consider disabling the /var/www/cgi-bin/rtpd.cgi script until a patch is available. For D-Link IP Cameras DCS-1100L/1130L version 1.04, consider disabling the /var/www/cgi-bin/rtpd.cgi script until a patch is available. For D-Link IP Cameras DCS-1100/1130 version 1.03, consider disabling the /var/www/cgi-bin/rtpd.cgi script until a patch is available. For D-Link IP Cameras DCS-1100/1130 version 1.04 US, consider disabling the /var/www/cgi-bin/rtpd.cgi script until a patch is available. For D-Link IP Cameras DCS-2102/2121 version 1.05 RU, consider disabling the /var/www/cgi-bin/rtpd.cgi script until a patch is available. For D-Link IP Cameras DCS-3410 version 1.02, consider disabling the /var/www/cgi-bin/rtpd.cgi script until a patch is available. For D-Link IP Cameras DCS-5230 version 1.02, consider disabling the /var/www/cgi-bin/rtpd.cgi script until a patch is available. For D-Link IP Cameras DCS-5230L version 1.02, consider disabling the /var/www/cgi-bin/rtpd.cgi script until a patch is available. For D-Link IP Cameras DCS-6410 version 1.00, consider disabling the /var/www/cgi-bin/rtpd.cgi script until a patch is available. For D-Link IP Cameras DCS-7410 version 1.00, consider disabling the /var/www/cgi-bin/rtpd.cgi script until a patch is available. For D-Link IP Cameras DCS-7510 version 1.00, consider disabling the /var/www/cgi-bin/rtpd.cgi script until a patch is available. For D-Link IP Cameras WCS-1100 version 1.02, consider disabling the /var/www/cgi-bin/rtpd.cgi script until a patch is available.