CVE-2024-45179

The CVE affects za-internet C-MOR Video Surveillance versions 5.2401–6.00PL01. Root cause: insufficient input validation in the web interface enables OS command injection via HTTP POST data. Notable vulnerable components include generatesslreq.pml (allows low-privileged authenticated users to run...

za-internet C-MOR Video Surveillance 安全漏洞

za-internet C-MOR Video Surveillance is a network video surveillance system from the German company za-internet. A security vulnerability exists in za-internet C-MOR Video Surveillance version 5.2401 and 6.00PL01, which stems from insufficient input validation and makes the C-MOR web interface...

CVE-2024-45179

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable to OS command injection attacks, for exampl...

C-MOR Video Surveillance 5.2401 / 6.00PL01 SQL Injection

Advisory ID: SYSS-2024-023 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05 Solution Date: -...

C-MOR Video Surveillance 5.2401 / 6.00PL01 Cross Site Request Forgery

Advisory ID: SYSS-2024-022 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: Cross-Site Request Forgery CWE-352 Risk Level: Medium Solution Status: Open Manufacturer Notification: 2024-04-05...

C-MOR Video Surveillance 5.2401 Cross Site Scripting

Advisory ID: SYSS-2024-020 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401 Tested Versions: 5.2401 Vulnerability Type: Reflected Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2024-04-05 Solution Date:...

C-MOR Video Surveillance 5.2401 / 6.00PL01 Cross Site Scripting

Advisory ID: SYSS-2024-021 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: Persistent Cross-Site Scripting CWE-79 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05...

C-MOR Video Surveillance 5.2401 / 6.00PL01 Command Injection

Advisory ID: SYSS-2024-030 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: OS Command Injection CWE-78 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05 Solution...

CVE-2024-45171

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup file...

CVE-2024-45176

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting XSS attacks. It was found out that different functions are prone to reflected cross-site scripting attacks due to...

CVE-2024-45175

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. Thus, an attacker with filesystem access, for example exploiting a...

CVE-2024-45178

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to download arbitrary files from the C-MOR system via a path traversal attack. It was found out that different functionalities are vulnerable to path traversal attacks, du...

za-internet C-MOR Video Surveillance 安全漏洞

za-internet C-MOR Video Surveillance is a network video surveillance system from the German company za-internet. A security vulnerability exists in za-internet C-MOR Video Surveillance version 5.2401, which stems from improper privilege management of the sudo privilege...

CVE-2024-45175

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. Thus, an attacker with filesystem access, for example exploiting a...

za-internet C-MOR Video Surveillance 安全漏洞

za-internet C-MOR Video Surveillance is a network video surveillance system from the German company za-internet. A security vulnerability exists in za-internet C-MOR Video Surveillance version 5.2401, which stems from improper input validation leading to path traversal...

za-internet C-MOR Video Surveillance 安全漏洞

za-internet C-MOR Video Surveillance is a network video surveillance system from the German company za-internet. A security vulnerability exists in za-internet C-MOR Video Surveillance version 5.2401, which originates from sensitive information being stored in plaintext...

CVE-2024-45176

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting XSS attacks. It was found out that different functions are prone to reflected cross-site scripting attacks due to...

za-internet C-MOR Video Surveillance 安全漏洞

za-internet C-MOR Video Surveillance is a network video surveillance system from the German company za-internet. A security vulnerability exists in za-internet C-MOR Video Surveillance version 5.2401, which stems from improper input validation and results in unrestricted file uploads...

CVE-2024-45172

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery CSRF attacks. The C-MOR web interface offers no protection against cross-site request forgery CSRF attacks...

CVE-2024-45170

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, acces...