ID

VAR-201905-0220


CVE

CVE-2019-12502


TITLE

Cross-site request forgery vulnerability in MOBOTIX S14 camera

Trust: 0.8

sources: JVNDB: JVNDB-2019-004899

DESCRIPTION

MOBOTIX S14 MX-V4.2.1.61 cameras lack CSRF countermeasures, as demonstrated by adding an admin account via the /admin/access URI. The MOBOTIX S14 camera contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). MOBOTIX S14 is a network camera produced by the German company MOBOTIX. There is a cross-site request forgery vulnerability in MOBOTIX S14 MX-V4.2.1.61. The vulnerability stems from the web application not adequately verifying that a request comes from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client.

Trust: 1.71

sources: NVD: CVE-2019-12502 // JVNDB: JVNDB-2019-004899 // VULHUB: VHN-144255

AFFECTED PRODUCTS

vendor: mobotix, model: s14, scope: eq, version: mx-v4.2.1.61

Trust: 1.8

sources: JVNDB: JVNDB-2019-004899 // NVD: CVE-2019-12502

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-12502
value: HIGH

Trust: 1.0

NVD: CVE-2019-12502
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-1211
value: HIGH

Trust: 0.6

VULHUB: VHN-144255
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-12502
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144255
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-12502
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-144255 // JVNDB: JVNDB-2019-004899 // CNNVD: CNNVD-201905-1211 // NVD: CVE-2019-12502

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-144255 // JVNDB: JVNDB-2019-004899 // NVD: CVE-2019-12502

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-1211

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201905-1211

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004899

PATCH

title: Mobotix S14, url: http://www.mobotix-camera.nl/cameras/mobotix-s14/

Trust: 0.8

sources: JVNDB: JVNDB-2019-004899

EXTERNAL IDS

db: NVD, id: CVE-2019-12502

Trust: 2.5

db: JVNDB, id: JVNDB-2019-004899

Trust: 0.8

db: CNNVD, id: CNNVD-201905-1211

Trust: 0.7

db: VULHUB, id: VHN-144255

Trust: 0.1

sources: VULHUB: VHN-144255 // JVNDB: JVNDB-2019-004899 // CNNVD: CNNVD-201905-1211 // NVD: CVE-2019-12502

REFERENCES

url: https://gist.github.com/llandeilocymro/55a61e3730cdef56ab5806a677ba0891

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2019-12502

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12502

Trust: 0.8

sources: VULHUB: VHN-144255 // JVNDB: JVNDB-2019-004899 // CNNVD: CNNVD-201905-1211 // NVD: CVE-2019-12502

SOURCES

db: VULHUB, id: VHN-144255
db: JVNDB, id: JVNDB-2019-004899
db: CNNVD, id: CNNVD-201905-1211
db: NVD, id: CVE-2019-12502

LAST UPDATE DATE

2024-11-23T23:04:47.544000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-144255, date: 2019-05-31T00:00:00
db: JVNDB, id: JVNDB-2019-004899, date: 2019-06-11T00:00:00
db: CNNVD, id: CNNVD-201905-1211, date: 2019-06-03T00:00:00
db: NVD, id: CVE-2019-12502, date: 2024-11-21T04:22:59.133

SOURCES RELEASE DATE

db: VULHUB, id: VHN-144255, date: 2019-05-31T00:00:00
db: JVNDB, id: JVNDB-2019-004899, date: 2019-06-11T00:00:00
db: CNNVD, id: CNNVD-201905-1211, date: 2019-05-31T00:00:00
db: NVD, id: CVE-2019-12502, date: 2019-05-31T13:29:00.333