Published: 2023/02/13  Last Updated: 2023/02/13

JVN#98612206
Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G

Overview

Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G provided by PLANEX COMMUNICATIONS INC. contains multiple vulnerabilities.

Products Affected

  • Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions

Description

Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G provided by PLANEX COMMUNICATIONS INC. contains multiple vulnerabilities listed below.

  • Stored cross-site scripting (CWE-79) - CVE-2023-22370
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 4.8
    CVSS v2 AV:A/AC:M/Au:S/C:N/I:P/A:N Base Score: 2.3
  • Cross-site request forgery (CWE-352) - CVE-2023-22375
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
  • Reflected cross-site scripting (CWE-79) - CVE-2023-22376
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6

Impact

  • An arbitrary script may be executed on the web browser of a user who is logged in to the product - CVE-2023-22370, CVE-2023-22376
  • If a user views a malicious page while logged in, unintended operations may be performed - CVE-2023-22375

Solution

Stop using the product
The developer states that the product is no longer supported and therefore recommends that users stop using the product.

Credit

CVE-2023-22370
Yudai Morii, Takaya Noma, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2023-22375, CVE-2023-22376
Takayuki Sasaki, Yudai Morii, Takaya Noma and Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

  • CVE: CVE-2023-22370, CVE-2023-22375, CVE-2023-22376
  • JVN iPedia: JVNDB-2023-000015