JVNVU#90766406
Multiple vulnerabilities in PLANEX Network camera products
Overview
"SmaCam CS-QR10" and "SmaCam Night Vision CS-QR20" provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities.
Products Affected
- SmaCam CS-QR10 all versions
- SmaCam Night Vision CS-QR20 all versions
Description
Network camera products "SmaCam CS-QR10" and "SmaCam Night Vision CS-QR20" provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below.
Impact
- An attacker who connects to a certain serial connection on the product may execute an arbitrary OS command - CVE-2022-38399
- An attacker who can log in to the web management interface may execute an arbitrary OS command on the affected product - CVE-2017-12576
Solution
Stop using the products or use them in a safe environment
The products are no longer supported, and updates to fix the issues will not be made available.
As a workaround, the developer recommends that users stop using the products, or change the administrator password and use the products only in a secure local network environment.
Vendor Status
| Vendor | Link |
| PLANEX COMMUNICATIONS INC. | SmaCam CS-QR10 (Text in Japanese) |
| PLANEX COMMUNICATIONS INC. | SmaCam Night Vision CS-QR20 (Text in Japanese) |
Credit
Thomas J. Knudsen and Samy Younsi of Necrum Security Labs reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
| CVE | CVE-2022-38399 |