PT-2021-22262 · Motorola Solutions · Avigilon T101+8

Published

2021-12-15

Updated

2021-12-22

CVE-2021-38701

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Avigilon T200/201 versions prior to 4.10.0.68 Avigilon T290 versions prior to 4.4.0.80 Avigilon T008 versions prior to 2.2.0.86 Avigilon T205 versions prior to 4.12.0.62 Avigilon T204 versions prior to 3.28.0.166 Avigilon T100, T101, T102, and T103 versions prior to 2.6.0.180

Description The issue affects the administrative UI of certain Motorola Solutions Avigilon devices, allowing cross-site scripting (XSS).

Recommendations For Avigilon T200/201 versions prior to 4.10.0.68, update to version 4.10.0.68 or later. For Avigilon T290 versions prior to 4.4.0.80, update to version 4.4.0.80 or later. For Avigilon T008 versions prior to 2.2.0.86, update to version 2.2.0.86 or later. For Avigilon T205 versions prior to 4.12.0.62, update to version 4.12.0.62 or later. For Avigilon T204 versions prior to 3.28.0.166, update to version 3.28.0.166 or later. For Avigilon T100, T101, T102, and T103 versions prior to 2.6.0.180, update to version 2.6.0.180 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-38701

Affected Products

Avigilon T008

Avigilon T100

Avigilon T101

Avigilon T102

Avigilon T103

Avigilon T200/201

Avigilon T204

Avigilon T205

Avigilon T290

PT-2021-22262 · Motorola Solutions · Avigilon T101+8

CVE-2021-38701

Weakness Enumeration

Related Identifiers

Affected Products

References · 4