Published:2025/06/06 Last Updated:2025/06/06
JVN#10964289
Multiple surveillance cameras provided by i-PRO Co., Ltd. vulnerable to cross-site request forgery
Overview
Multiple surveillance cameras provided by i-PRO Co., Ltd. contain a cross-site request forgery vulnerability.
Products Affected
- Surveillance cameras provided by i-PRO Co., Ltd.
Description
Multiple surveillance cameras provided by i-PRO Co., Ltd. contain the following vulnerability.
- Cross-Site Request Forgery (CSRF) (CWE-352)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3
- CVE-2025-36513
Impact
If a user views a crafted page while logged in to the affected product, unintended operations may be performed.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Diego Giubertoni of Nozomi Networks Inc. reported this vulnerability to i-PRO Co., Ltd. and coordinated.
After the coordination was completed, i-PRO Co., Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2025-36513 |
| JVN iPedia |
JVNDB-2025-000037 |