Details of VAR-201312-0512

ID

VAR-201312-0512

TITLE

Vimicro Vilar IP Camera '/setup/user_account.html' HTML Injection Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-00121 // BID: 64616

DESCRIPTION

The application did not adequately filter the user-submitted input. Vimicro Vilar IP Camera is a series of network camera products from China Vimicro. An HTML injection vulnerability exists in the Vimicro Vilar IP Camera, which originates from applications that do not adequately filter input submitted by users. An attacker could use this vulnerability to run HTML and script code provided by the attacker in the context of an affected browser, steal cookie-based authentication, or control how the site is presented to users. There are vulnerabilities in Vimicro Corp IP-001A 1.1.0.32, other versions may also be affected. Other attacks are also possible

Trust: 1.35

sources: CNVD: CNVD-2014-00121 // CNNVD: CNNVD-201401-060 // BID: 64616

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-00121

AFFECTED PRODUCTS

vendor:	vimicro	model:	corp ip-001a	scope:	eq	version:	1.1.0.32	Trust: 0.6
vendor:	vimicro	model:	corp ip camera ip-001a	scope:	eq	version:	1.1.0.32	Trust: 0.3
vendor:	monacore	model:	international vwc-300pt	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2014-00121 // BID: 64616

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-00121
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2014-00121
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-00121

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-060

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201401-060

EXTERNAL IDS

db:	BID	id:	64616	Trust: 1.5
db:	CNVD	id:	CNVD-2014-00121	Trust: 0.6
db:	CNNVD	id:	CNNVD-201401-060	Trust: 0.6

sources: CNVD: CNVD-2014-00121 // BID: 64616 // CNNVD: CNNVD-201401-060

REFERENCES

url:	http://www.securityfocus.com/bid/64616	Trust: 1.2
url:	http://www.monacor.com/index.php	Trust: 0.3
url:	http://www.vimicro.com/english/product/advanced002.htm	Trust: 0.3

sources: CNVD: CNVD-2014-00121 // BID: 64616 // CNNVD: CNNVD-201401-060

CREDITS

Darius Freamon

Trust: 0.9

sources: BID: 64616 // CNNVD: CNNVD-201401-060

SOURCES

db:	CNVD	id:	CNVD-2014-00121
db:	BID	id:	64616
db:	CNNVD	id:	CNNVD-201401-060

LAST UPDATE DATE

2022-05-17T02:10:38.896000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-00121	date:	2014-01-09T00:00:00
db:	BID	id:	64616	date:	2013-12-22T00:00:00
db:	CNNVD	id:	CNNVD-201401-060	date:	2014-01-07T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-00121	date:	2014-01-09T00:00:00
db:	BID	id:	64616	date:	2013-12-22T00:00:00
db:	CNNVD	id:	CNNVD-201401-060	date:	2013-12-22T00:00:00