PT-2019-9543 · Vivotek · Vivotek Network Camera Series

Published

2019-01-03

Updated

2019-01-14

CVE-2018-18005

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions VIVOTEK Network Camera Series products with firmware 0x06x through 0x08x

Description The issue concerns cross-site scripting in the event script.js file, allowing remote attackers to execute arbitrary JavaScript code via a URL query string parameter.

Recommendations For VIVOTEK Network Camera Series products with firmware 0x06x through 0x08x, update the firmware to a version that is not affected by this issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-18005

Affected Products

Vivotek Network Camera Series

PT-2019-9543 · Vivotek · Vivotek Network Camera Series

CVE-2018-18005

Weakness Enumeration

Related Identifiers

Affected Products

References · 3