Multiple vulnerabilities in PLANEX Network camera products



Published: 2022-09-02
Risk Low
Patch available NO
Number of vulnerabilities 2
CVE-ID CVE-2022-38399
CVE-2017-12576
CWE-ID CWE-78
CWE-668
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
SmaCam Night Vision CS-QR20
Hardware solutions / Security hardware applicances

SmaCam CS-QR10
Hardware solutions / Security hardware applicances

Vendor PLANEX COMMUNICATIONS

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) OS Command Injection

EUVDB-ID: #VU66940

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-38399

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to missing protection mechanism for alternate hardware interface. An attacker with physical access can connect to the product's certain serial connection and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SmaCam Night Vision CS-QR20: All versions

SmaCam CS-QR10: All versions


CPE2.3 External links

http://jvn.jp/en/vu/JVNVU90766406/index.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Exposure of Resource to Wrong Sphere

EUVDB-ID: #VU66941

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-12576

CWE-ID: CWE-668 - Exposure of resource to wrong sphere

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the system.

The vulnerability exists due to a hidden and undocumented management page. A remote administrator can execute arbitrary code on the target device.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SmaCam Night Vision CS-QR20: All versions

SmaCam CS-QR10: All versions


CPE2.3 External links

http://jvn.jp/en/vu/JVNVU90766406/index.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###