ID

VAR-201908-0570


CVE

CVE-2019-13407


TITLE

Advan VD-1 Firmware cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008721

DESCRIPTION

An XSS vulnerability was found in Advan VD-1 firmware versions up to 230. VD-1 responds with a path error message when a requested resource is not found in page cgibin/ssi.cgi. This leads to a reflected XSS because the error message is not properly escaped. The Advan VD-1 firmware contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Trust: 1.71

sources: NVD: CVE-2019-13407 // JVNDB: JVNDB-2019-008721 // VULHUB: VHN-145250

AFFECTED PRODUCTS

vendor: geovision, model: gv-vr360, scope: lte, version: 1.10

Trust: 1.0

vendor: androvideo, model: vd 1, scope: lte, version: 230

Trust: 1.0

vendor: geovision, model: gv-vd8700, scope: lte, version: 1.01

Trust: 1.0

vendor: androvideo, model: advan vd-1, scope: lte, version: 230

Trust: 0.8

vendor: geovision, model: gv-vd8700, scope: -, version: -

Trust: 0.8

vendor: geovision, model: gv-vr360, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008721 // NVD: CVE-2019-13407

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13407
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-13407
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-2181
value: MEDIUM

Trust: 0.6

VULHUB: VHN-145250
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-13407
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-145250
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13407
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-145250 // JVNDB: JVNDB-2019-008721 // CNNVD: CNNVD-201908-2181 // NVD: CVE-2019-13407

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-145250 // JVNDB: JVNDB-2019-008721 // NVD: CVE-2019-13407

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-2181

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201908-2181

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008721

PATCH

title: Top Page, url: http://www.androvideo.com/

Trust: 0.8

title: GV-VR360, url: http://www.geovision.com.tw/jp/product/GV-VR360

Trust: 0.8

title: GV-VD8700, url: http://www.geovision.com.tw/jp/product/GV-VD8700

Trust: 0.8

sources: JVNDB: JVNDB-2019-008721

EXTERNAL IDS

db: NVD, id: CVE-2019-13407

Trust: 2.5

db: TWCERT, id: TVN-201906008

Trust: 1.7

db: JVNDB, id: JVNDB-2019-008721

Trust: 0.8

db: CNNVD, id: CNNVD-201908-2181

Trust: 0.7

db: VULHUB, id: VHN-145250

Trust: 0.1

sources: VULHUB: VHN-145250 // JVNDB: JVNDB-2019-008721 // CNNVD: CNNVD-201908-2181 // NVD: CVE-2019-13407

REFERENCES

url:https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md

Trust: 2.5

url:http://surl.twcert.org.tw/sptwh

Trust: 1.7

url:https://tvn.twcert.org.tw/taiwanvn/tvn-201906008

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-13407

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13407

Trust: 0.8

sources: VULHUB: VHN-145250 // JVNDB: JVNDB-2019-008721 // CNNVD: CNNVD-201908-2181 // NVD: CVE-2019-13407

SOURCES

db: VULHUB, id: VHN-145250
db: JVNDB, id: JVNDB-2019-008721
db: CNNVD, id: CNNVD-201908-2181
db: NVD, id: CVE-2019-13407

LAST UPDATE DATE

2024-11-23T22:58:36.979000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-145250, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-008721, date: 2019-09-05T00:00:00
db: CNNVD, id: CNNVD-201908-2181, date: 2020-06-15T00:00:00
db: NVD, id: CVE-2019-13407, date: 2024-11-21T04:24:52.970

SOURCES RELEASE DATE

db: VULHUB, id: VHN-145250, date: 2019-08-29T00:00:00
db: JVNDB, id: JVNDB-2019-008721, date: 2019-09-05T00:00:00
db: CNNVD, id: CNNVD-201908-2181, date: 2019-08-28T00:00:00
db: NVD, id: CVE-2019-13407, date: 2019-08-29T01:15:11.710