JVNVU#90766406
Multiple vulnerabilities in PLANEX Network camera products
Overview
"SmaCam CS-QR10" and "SmaCam Night Vision CS-QR20" provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities.
Products Affected
- SmaCam CS-QR10 all versions
- SmaCam Night Vision CS-QR20 all versions
Description
Network camera products "SmaCam CS-QR10" and "SmaCam Night Vision CS-QR20" provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below.
Impact
- By connecting to the product's certain serial connection, an attacker may execute an arbitrary OS command - CVE-2022-38399
- An attacker who can log in to the web management interface may execute an arbitrary OS command on the affected product - CVE-2017-12576
Solution
Stop using the products or Use in a safe environment
The products are no longer supported, and the fix updates for the issues will not be available.
As a workaround, the developer recommends the users to stop using the products, or to change the administrator password and use it in a secure local network environment.
Vendor Status
Vendor | Link |
PLANEX COMMUNICATIONS INC. | SmaCam CS-QR10 (Text in Japanese) |
SmaCam Night Vision CS-QR20 (Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Thomas J. Knudsen and Samy Younsi of Necrum Security Labs reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
JPCERT Alert |
|
JPCERT Reports |
|
CERT Advisory |
|
CPNI Advisory |
|
TRnotes |
|
CVE |
CVE-2022-38399 |
JVN iPedia |
|