427 matches found
ELECOM WRC 安全漏洞
The ELECOM WRC is a home-ready network camera from ELECOM Japan. A security vulnerability exists in ELECOM WRC-1167FEBK-A v1.18 and earlier versions, which stems from the presence of an information disclosure that could allow network-adjacent attackers with access to the affected product to...
ABUS Security Camera TVIP 20000-21150 - LFI, RCE and SSH Root Access
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Exploit Title: ABUS Security Camera TVIP 20000-21150 - LFI, RCE and SSH Root Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-001-2023 Vendor Homepage: https://www.abus.com Version/Model: TVIP...
AXIS 207W Network Camera XSS Vulnerability (Feb 2023)
AXIS 207W network camera devices are prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
ABUS Security Camera TVIP 20000-21150 LFI / Remote Code Execution Vulnerability
ABUS Security Camera version TVIP 20000-21150 suffers from local file inclusion, hardcoded credential, and command injection vulnerabilities. When coupled together, they can be leveraged to achieve remote access as root via ssh...
CVE-2023-22984
A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL...
CVE-2023-22984
A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL...
CVE-2023-22984
Axis 207W network camera exposes a reflected XSS in the web administration portal that lets an attacker execute arbitrary JavaScript via a URL. The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N with base score 6.1 (Medium). No public fix is documented in the provided sources; some refer...
PT-2023-18810 · Axis · Axis 207W
Name of the Vulnerable Software and Affected Versions: Axis 207W network camera affected versions not specified Description: A reflected XSS issue in the web administration portal of the Axis 207W network camera allows an attacker to execute arbitrary JavaScript via URL. This enables the attacker...
CVE-2023-22984
A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL...
CVE-2023-22370
Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer...
CVE-2023-22376
Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the...
CVE-2023-22375
Cross-site request forgery CSRF vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an arbitrary script. NOTE: This vulnerability only affects products that are no...
Cross site request forgery (csrf)
UNSUPPORTED WHEN ASSIGNED Cross-site request forgery CSRF vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by t...
CVE-2023-22370
Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer...
CVE-2023-22370
CVE-2023-22370 is a stored cross-site scripting vulnerability in PLANEX Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G (all versions). The issue allows a network-adjacent authenticated attacker to inject arbitrary scripts via the device’s web interface. Root cause per the sources is a store...
CVE-2023-22376
CVE-2023-22376 describes a reflected cross-site scripting (XSS) vulnerability in PLANEX COMMUNICATIONS Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G (all versions). Public sources consistently identify the affected component as the web interface handling user input that is reflected back t...
CVE-2023-22375
Cross-site request forgery CSRF vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability...