ID

VAR-201702-0426


CVE

CVE-2016-5813


TITLE

Visonic PowerLink2 Vulnerability in which information is disclosed

Trust: 0.8

sources: JVNDB: JVNDB-2016-007978

DESCRIPTION

An issue was discovered in Visonic PowerLink2, all versions prior to the October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used in the web server (INFORMATION EXPOSURE). Visonic PowerLink2 contains an information disclosure vulnerability. Information may be disclosed. Visonic PowerLink2 is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials or gain access to sensitive information. Visonic PowerLink2 is a web interface for viewing and controlling intrusion prevention systems from Visonic, Israel.

Trust: 1.98

sources: NVD: CVE-2016-5813 // JVNDB: JVNDB-2016-007978 // BID: 94894 // VULHUB: VHN-94632

AFFECTED PRODUCTS

vendor: visonic, model: powerlink2, scope: eq, version: -

Trust: 1.6

vendor: visonic, model: powerlink2, scope: lt, version: release

Trust: 0.8

vendor: visonic, model: powerlink2, scope: -, version: -

Trust: 0.8

vendor: visonic, model: powerlink2, scope: eq, version: october 2016

Trust: 0.8

vendor: tyco, model: powerlink2, scope: eq, version: 0

Trust: 0.3

sources: BID: 94894 // JVNDB: JVNDB-2016-007978 // CNNVD: CNNVD-201612-507 // NVD: CVE-2016-5813

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5813
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-5813
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201612-507
value: MEDIUM

Trust: 0.6

VULHUB: VHN-94632
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-5813
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-94632
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-5813
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-94632 // JVNDB: JVNDB-2016-007978 // CNNVD: CNNVD-201612-507 // NVD: CVE-2016-5813

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-94632 // JVNDB: JVNDB-2016-007978 // NVD: CVE-2016-5813

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-507

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201612-507

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007978

PATCH

title: Top Page, url: http://www.visonic.com

Trust: 0.8

title: Visonic PowerLink2 Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66541

Trust: 0.6

sources: JVNDB: JVNDB-2016-007978 // CNNVD: CNNVD-201612-507

EXTERNAL IDS

db: NVD, id: CVE-2016-5813

Trust: 2.8

db: ICS CERT, id: ICSA-16-348-01

Trust: 2.8

db: BID, id: 94894

Trust: 2.0

db: JVNDB, id: JVNDB-2016-007978

Trust: 0.8

db: CNNVD, id: CNNVD-201612-507

Trust: 0.7

db: VULHUB, id: VHN-94632

Trust: 0.1

sources: VULHUB: VHN-94632 // BID: 94894 // JVNDB: JVNDB-2016-007978 // CNNVD: CNNVD-201612-507 // NVD: CVE-2016-5813

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-16-348-01

Trust: 2.8

url: http://www.securityfocus.com/bid/94894

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5813

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2016-5813

Trust: 0.8

url: https://www.visonic.com

Trust: 0.3

sources: VULHUB: VHN-94632 // BID: 94894 // JVNDB: JVNDB-2016-007978 // CNNVD: CNNVD-201612-507 // NVD: CVE-2016-5813

CREDITS

Aditya K. Sood.

Trust: 0.9

sources: BID: 94894 // CNNVD: CNNVD-201612-507

SOURCES

db: VULHUB, id: VHN-94632
db: BID, id: 94894
db: JVNDB, id: JVNDB-2016-007978
db: CNNVD, id: CNNVD-201612-507
db: NVD, id: CVE-2016-5813

LAST UPDATE DATE

2025-04-20T23:16:20.403000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-94632, date: 2017-03-14T00:00:00
db: BID, id: 94894, date: 2016-12-20T01:09:00
db: JVNDB, id: JVNDB-2016-007978, date: 2017-04-04T00:00:00
db: CNNVD, id: CNNVD-201612-507, date: 2016-12-15T00:00:00
db: NVD, id: CVE-2016-5813, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-94632, date: 2017-02-13T00:00:00
db: BID, id: 94894, date: 2016-12-13T00:00:00
db: JVNDB, id: JVNDB-2016-007978, date: 2017-04-04T00:00:00
db: CNNVD, id: CNNVD-201612-507, date: 2016-12-15T00:00:00
db: NVD, id: CVE-2016-5813, date: 2017-02-13T21:59:00.470