PT-2019-9558 · Vivotek · Vivotek Network Camera Series
Publicado
2019-01-03
·
Atualizado
2019-01-14
·
CVE-2018-18244
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x
Description
The issue allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header, which is a result of cross-site scripting in the syslog.html file.
Recommendations
For firmware versions 0x06x to 0x08x, consider disabling access to the syslog.html file until a patch is available. Restrict access to the HTTP Referer Header to minimize the risk of exploitation.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Vivotek Network Camera Series