CVE-2013-1601

Name of the Vulnerable Software and Affected Versions: D-LINK WCS-1100 version 1.02 TESCO DCS-2121 version 1.05 TESCO TESCO DCS-2102 version 1.05 TESCO D-LINK DCS-7510 version 1.00 D-LINK DCS-7410 version 1.00 D-LINK DCS-6410 version 1.00 D-LINK DCS-5635 version 1.01 D-LINK DCS-5605 version 1.01 D-LINK DCS-5230L version 1.02 D-LINK DCS-5230 version 1.02 D-LINK DCS-3430 version 1.02 D-LINK DCS-3411 version 1.02 D-LINK DCS-3410 version 1.02 D-LINK DCS-2121 versions 1.05 RU through 1.06 FR D-LINK DCS-2121 versions 1.05 RU through 1.06 D-LINK DCS-2102 versions 1.05 RU through 1.06 FR D-LINK DCS-2102 versions 1.05 RU through 1.06 D-LINK DCS-1130L version 1.04 D-LINK DCS-1130 versions 1.03 through 1.04 US D-LINK DCS-1100L version 1.04 D-LINK DCS-1100 versions 1.03 through 1.04 US

Description: An Information Disclosure issue exists due to a failure to restrict access on the lums.cgi script when processing a live video stream, which could let a malicious user obtain sensitive information.

Recommendations: For D-LINK WCS-1100 version 1.02, restrict access to the lums.cgi script. For TESCO DCS-2121 version 1.05 TESCO, restrict access to the lums.cgi script. For TESCO DCS-2102 version 1.05 TESCO, restrict access to the lums.cgi script. For D-LINK DCS-7510 version 1.00, restrict access to the lums.cgi script. For D-LINK DCS-7410 version 1.00, restrict access to the lums.cgi script. For D-LINK DCS-6410 version 1.00, restrict access to the lums.cgi script. For D-LINK DCS-5635 version 1.01, restrict access to the lums.cgi script. For D-LINK DCS-5605 version 1.01, restrict access to the lums.cgi script. For D-LINK DCS-5230L version 1.02, restrict access to the lums.cgi script. For D-LINK DCS-5230 version 1.02, restrict access to the lums.cgi script. For D-LINK DCS-3430 version 1.02, restrict access to the lums.cgi script. For D-LINK DCS-3411 version 1.02, restrict access to the lums.cgi script. For D-LINK DCS-3410 version 1.02, restrict access to the lums.cgi script. For D-LINK DCS-2121 versions 1.05 RU through 1.06 FR, restrict access to the lums.cgi script. For D-LINK DCS-2121 versions 1.05 RU through 1.06, restrict access to the lums.cgi script. For D-LINK DCS-2102 versions 1.05 RU through 1.06 FR, restrict access to the lums.cgi script. For D-LINK DCS-2102 versions 1.05 RU through 1.06, restrict access to the lums.cgi script. For D-LINK DCS-1130L version 1.04, restrict access to the lums.cgi script. For D-LINK DCS-1130 versions 1.03 through 1.04 US, restrict access to the lums.cgi script. For D-LINK DCS-1100L version 1.04, restrict access to the lums.cgi script. For D-LINK DCS-1100 versions 1.03 through 1.04 US, restrict access to the lums.cgi script.