Sign-up

ID

VAR-200808-0313


CVE

CVE-2008-3482


TITLE

Panasonic NetworkCamera Cross-Site Scripting Vulnerability

Trust: 0.8

sources: IVD: 72adea44-23cd-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200808-053

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiple Panasonic Communications Co., Ltd. network cameras contain a cross-site scripting vulnerability. Panasonic Communications Co., Ltd. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.An arbitrary script could be executed on the user's web browser. Panasonic Network Cameras are prone to multiple cross-site scripting vulnerabilities because the devices fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The following versions of Panasonic Network Cameras are vulnerable: BL-C111 Ver.3.14R02 and prior BL-C131 Ver.3.14R03 and prior BB-HCM511 Ver.3.20R01 and prior BB-HCM531 Ver.3.20R01 and prior BB-HCM580 Ver.3.21R00 and prior BB-HCM581 Ver.3.21R00 and prior BB-HCM527 Ver.3.30R00 and prior BB-HCM515 Ver.3.20R01 and prior. Input passed to unspecified parameters in the error page is not properly sanitised before being returned to the user. The vulnerability is reported in the following products and versions: * BL-C111 Ver.3.14R02 and earlier * BL-C131 Ver.3.14R03 and earlier * BB-HCM511 Ver.3.20R01 and earlier * BB-HCM531 Ver.3.20R01 and earlier * BB-HCM580 Ver.3.21R00 and earlier * BB-HCM581 Ver.3.21R00 and earlier * BB-HCM527 Ver.3.30R00 and earlier * BB-HCM515 Ver.3.20R01 and earlier SOLUTION: Reportedly, a fixed firmware version is available. Contact the vendor for details. PROVIDED AND/OR DISCOVERED BY: NetAgent Co., Ltd. ORIGINAL ADVISORY: http://jvn.jp/en/jp/JVN33706820/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.43

sources: NVD: CVE-2008-3482 // JVNDB: JVNDB-2008-000037 // BID: 80983 // BID: 30460 // IVD: 72adea44-23cd-11e6-abef-000c29c66e3d // PACKETSTORM: 68704

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.2

category:['camera device']sub_category:camera

Trust: 0.1

sources: OTHER: None // IVD: 72adea44-23cd-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor:panasonicmodel:bb hcm527scope:eqversion:3.30

Trust: 1.6

vendor:panasonicmodel:bb hcm511scope:eqversion:3.20

Trust: 1.6

vendor:panasonicmodel:bb hcm580scope:eqversion:3.21

Trust: 1.6

vendor:panasonicmodel:bl c131scope:eqversion:3.14

Trust: 1.6

vendor:panasonicmodel:bb hcm531scope:eqversion:3.20

Trust: 1.6

vendor:panasonicmodel:bb hcm581scope:eqversion:3.21

Trust: 1.6

vendor:panasonicmodel:bl c111scope:eqversion:3.14

Trust: 1.6

vendor:panasonicmodel:bb hcm515scope:eqversion:3.20

Trust: 1.6

vendor:panasonicmodel:bb-hcm511scope:lteversion:ver.3.20r01

Trust: 0.8

vendor:panasonicmodel:bb-hcm515scope:lteversion:ver.3.20r01

Trust: 0.8

vendor:panasonicmodel:bb-hcm527scope:lteversion:ver.3.30r00

Trust: 0.8

vendor:panasonicmodel:bb-hcm531scope:lteversion:ver.3.20r01

Trust: 0.8

vendor:panasonicmodel:bb-hcm580scope:lteversion:ver.3.21r00

Trust: 0.8

vendor:panasonicmodel:bb-hcm581scope:lteversion:ver.3.21r00

Trust: 0.8

vendor:panasonicmodel:bl-c111scope:lteversion:ver.3.14r02

Trust: 0.8

vendor:panasonicmodel:bl-c131scope:lteversion:ver.3.14r03

Trust: 0.8

vendor:panasonicmodel:bl c131 r03scope:eqversion:3.14

Trust: 0.3

vendor:panasonicmodel:bl c111 r02scope:eqversion:3.14

Trust: 0.3

vendor:panasonicmodel:bb hcm581 r00scope:eqversion:3.21

Trust: 0.3

vendor:panasonicmodel:bb hcm580 r00scope:eqversion:3.21

Trust: 0.3

vendor:panasonicmodel:bb hcm531 r01scope:eqversion:3.20

Trust: 0.3

vendor:panasonicmodel:bb hcm527 r01scope:eqversion:3.30

Trust: 0.3

vendor:panasonicmodel:bb hcm515 r01scope:eqversion:3.20

Trust: 0.3

vendor:panasonicmodel:bb hcm511 r01scope:eqversion:3.20

Trust: 0.3

vendor:panasonicmodel:network camera bl-c131 3.14r03scope: - version: -

Trust: 0.3

vendor:panasonicmodel:network camera bl-c111 3.14r02scope: - version: -

Trust: 0.3

vendor:panasonicmodel:network camera bb-hcm581 3.21r00scope: - version: -

Trust: 0.3

vendor:panasonicmodel:network camera bb-hcm580 3.21r00scope: - version: -

Trust: 0.3

vendor:panasonicmodel:network camera bb-hcm531 3.20r01scope: - version: -

Trust: 0.3

vendor:panasonicmodel:network camera bb-hcm527 3.30r00scope: - version: -

Trust: 0.3

vendor:panasonicmodel:network camera bb-hcm515 3.20r01scope: - version: -

Trust: 0.3

vendor:panasonicmodel:network camera bb-hcm511 3.20r01scope: - version: -

Trust: 0.3

vendor:bb hcm511model: - scope:eqversion:3.20

Trust: 0.2

vendor:bb hcm515model: - scope:eqversion:3.20

Trust: 0.2

vendor:bb hcm527model: - scope:eqversion:3.30

Trust: 0.2

vendor:bb hcm531model: - scope:eqversion:3.20

Trust: 0.2

vendor:bb hcm580model: - scope:eqversion:3.21

Trust: 0.2

vendor:bb hcm581model: - scope:eqversion:3.21

Trust: 0.2

vendor:bl c111model: - scope:eqversion:3.14

Trust: 0.2

vendor:bl c131model: - scope:eqversion:3.14

Trust: 0.2

sources: IVD: 72adea44-23cd-11e6-abef-000c29c66e3d // BID: 80983 // BID: 30460 // JVNDB: JVNDB-2008-000037 // CNNVD: CNNVD-200808-053 // NVD: CVE-2008-3482

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-3482
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2008-000037
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200808-053
value: MEDIUM

Trust: 0.6

IVD: 72adea44-23cd-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2008-3482
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2008-000037
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IVD: 72adea44-23cd-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 72adea44-23cd-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2008-000037 // CNNVD: CNNVD-200808-053 // NVD: CVE-2008-3482

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2008-000037 // NVD: CVE-2008-3482

THREAT TYPE

network

Trust: 0.6

sources: BID: 80983 // BID: 30460

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 68704 // CNNVD: CNNVD-200808-053

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-000037

PATCH
title:Network Cameraurl:http://panasonic.net/pcc/support/netwkcam/support/info_xss.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-000037

EXTERNAL IDS
db:JVNDBid:JVNDB-2008-000037
Trust: 3.2
db:JVNid:JVN33706820
Trust: 3.1
db:NVDid:CVE-2008-3482
Trust: 3.0
db:SECUNIAid:31304
Trust: 2.6
db:VUPENid:ADV-2008-2257
Trust: 1.6
db:XFid:44118
Trust: 0.9
db:CNNVDid:CNNVD-200808-053
Trust: 0.8
db:JVNid:JVN#33706820
Trust: 0.6
db:BIDid:80983
Trust: 0.3
db:BIDid:30460
Trust: 0.3
db:IVDid:72ADEA44-23CD-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:OTHERid:NONE
Trust: 0.1
db:PACKETSTORMid:68704
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            IVD: 72adea44-23cd-11e6-abef-000c29c66e3d // 
            
            
            
            BID: 80983 // 
            
            
            
            BID: 30460 // 
            
            
            
            JVNDB: JVNDB-2008-000037 // 
            
            
            
            PACKETSTORM: 68704 // 
            
            
            
            CNNVD: CNNVD-200808-053 // 
            
            
            
            NVD: CVE-2008-3482

REFERENCES
url:http://jvn.jp/en/jp/jvn33706820/index.html
Trust: 3.1
url:http://secunia.com/advisories/31304
Trust: 2.4
url:http://panasonic.net/pcc/support/netwkcam/support/info_xss.html
Trust: 1.9
url:http://jvndb.jvn.jp/contents/ja/2008/jvndb-2008-000037.html
Trust: 1.6
url:http://www.vupen.com/english/advisories/2008/2257/references
Trust: 1.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/44118
Trust: 1.0
url:http://xforce.iss.net/xforce/xfdb/44118
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3482
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2008/2257
Trust: 0.8
url:http://jvndb.jvn.jp/ja/contents/2008/jvndb-2008-000037.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3482
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2008/2257/references
Trust: 0.6
url:http://panasonic.com/
Trust: 0.3
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/19396/
Trust: 0.1
url:http://secunia.com/advisories/31304/
Trust: 0.1
url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/
Trust: 0.1
url:http://secunia.com/product/19397/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/secunia_security_specialist/
Trust: 0.1
url:http://corporate.secunia.com/about_secunia/64/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            BID: 80983 // 
            
            
            
            BID: 30460 // 
            
            
            
            JVNDB: JVNDB-2008-000037 // 
            
            
            
            PACKETSTORM: 68704 // 
            
            
            
            CNNVD: CNNVD-200808-053 // 
            
            
            
            NVD: CVE-2008-3482

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 80983

SOURCES
db:OTHERid: - 
db:IVDid:72adea44-23cd-11e6-abef-000c29c66e3d
db:BIDid:80983
db:BIDid:30460
db:JVNDBid:JVNDB-2008-000037
db:PACKETSTORMid:68704
db:CNNVDid:CNNVD-200808-053
db:NVDid:CVE-2008-3482

LAST UPDATE DATE
2025-04-10T22:03:53.863000+00:00

SOURCES UPDATE DATE
db:BIDid:80983date:2008-08-05T00:00:00
db:BIDid:30460date:2008-07-31T20:07:00
db:JVNDBid:JVNDB-2008-000037date:2008-08-04T00:00:00
db:CNNVDid:CNNVD-200808-053date:2008-09-05T00:00:00
db:NVDid:CVE-2008-3482date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:IVDid:72adea44-23cd-11e6-abef-000c29c66e3ddate:2008-08-05T00:00:00
db:BIDid:80983date:2008-08-05T00:00:00
db:BIDid:30460date:2008-07-31T00:00:00
db:JVNDBid:JVNDB-2008-000037date:2008-08-04T00:00:00
db:PACKETSTORMid:68704date:2008-07-31T22:52:54
db:CNNVDid:CNNVD-200808-053date:2008-08-05T00:00:00
db:NVDid:CVE-2008-3482date:2008-08-05T20:41:00