CVE-2024-45836

Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user.
References
Link Resource
https://jvn.jp/en/jp/JVN81966868/ Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:planex:cs-qr10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planex:cs-qr10:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:planex:cs-qr20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planex:cs-qr20:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:planex:cs-qr22_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planex:cs-qr22:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:planex:cs-qr220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planex:cs-qr220:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:planex:cs-qr300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planex:cs-qr300:-:*:*:*:*:*:*:*

History

03 Oct 2024, 00:35

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN81966868/ - () https://jvn.jp/en/jp/JVN81966868/ - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CPE cpe:2.3:o:planex:cs-qr10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:planex:cs-qr20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planex:cs-qr20:-:*:*:*:*:*:*:*
cpe:2.3:h:planex:cs-qr22:-:*:*:*:*:*:*:*
cpe:2.3:o:planex:cs-qr22_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:planex:cs-qr300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planex:cs-qr220:-:*:*:*:*:*:*:*
cpe:2.3:o:planex:cs-qr220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planex:cs-qr300:-:*:*:*:*:*:*:*
cpe:2.3:h:planex:cs-qr10:-:*:*:*:*:*:*:*
First Time Planex cs-qr10
Planex cs-qr22 Firmware
Planex cs-qr300 Firmware
Planex cs-qr20
Planex cs-qr220 Firmware
Planex cs-qr300
Planex cs-qr20 Firmware
Planex
Planex cs-qr10 Firmware
Planex cs-qr220
Planex cs-qr22

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de Cross Site Scripting en la página de administración web de las cámaras de red PLANEX COMMUNICATIONS. Si un usuario conectado accede a un archivo específico, se puede ejecutar una secuencia de comandos arbitraria en el navegador web del usuario.

26 Sep 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-26 05:15

Updated : 2024-10-03 00:35


NVD link : CVE-2024-45836

Mitre link : CVE-2024-45836

CVE.ORG link : CVE-2024-45836


JSON object : View

Products Affected

planex

  • cs-qr20
  • cs-qr300_firmware
  • cs-qr22
  • cs-qr220_firmware
  • cs-qr10_firmware
  • cs-qr20_firmware
  • cs-qr300
  • cs-qr220
  • cs-qr10
  • cs-qr22_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')