Japan Vulnerability NotesJVN:98612206JVN#98612206: Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
47.6%
Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G provided by PLANEX COMMUNICATIONS INC. contains multiple vulnerabilities listed below.
Stored cross-site scripting (CWE-79) - CVE-2023-22370
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 4.8 |
| CVSS v2 | AV:A/AC:M/Au:S/C:N/I:P/A:N | Base Score: 2.3 |
Cross-site request forgery (CWE-352) - CVE-2023-22375
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | Base Score: 4.3 |
| CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Reflected cross-site scripting (CWE-79) - CVE-2023-22376
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
| CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Impact
- An arbitrary script may be executed on the web browser of the user who is logging in to the product - CVE-2023-22370, CVE-2023-22376
- If a user views a malicious page while logged in, unintended operations may be performed - CVE-2023-22375
Solution
Stop using the product
The developer states that the product is no longer supported, therefore recommends users to stop using the product.
Products Affected
- Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
47.6%