ID

VAR-200605-0287


CVE

CVE-2006-2490


TITLE

Mobotix IP Camera Multiple Cross-Site Scripting Vulnerabilities

Trust: 0.9

sources: BID: 18022 // CNNVD: CNNVD-200605-365

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar.

The Mobotix IP camera is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the device to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

A remote attacker can inject arbitrary web scripts or HTML. Some input isn't properly sanitised before being returned to the user.

Examples:
http://[host]/help/help?%3CBODY%20ONLOAD=[code]%3E
http://[host]/control/events.tar?source_ip=%3CBODY%20ONLOAD=[code]%3E&download=egal
http://[host]/control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOAD=[code]%3E

The vulnerabilities have been reported in version 2.0.5.2 for the M10 series and in version 1.9.4.7 for the M1 series. Other versions may also be affected.

SOLUTION:
Filter malicious characters and character sequences in a proxy server or firewall with URL filtering capabilities.

PROVIDED AND/OR DISCOVERED BY:
Jaime Blasco

ORIGINAL ADVISORY:
http://www.eazel.es/media/advisory001.html

Trust: 1.35

sources: NVD: CVE-2006-2490 // BID: 18022 // VULHUB: VHN-18598 // PACKETSTORM: 46362

AFFECTED PRODUCTS

vendor: mobotix | model: ip network camera | scope: eq | version: d10

Trust: 1.6

vendor: mobotix | model: ip network camera | scope: eq | version: m22

Trust: 1.6

vendor: mobotix | model: ip network camera | scope: eq | version: m10_2.0.5.2

Trust: 1.6

vendor: mobotix | model: ip network camera | scope: eq | version: m1_1.9.4.7

Trust: 1.6

vendor: mobotix | model: ip camera m10 | scope: eq | version: 2.0.5.2

Trust: 0.3

vendor: mobotix | model: ip camera m1 | scope: eq | version: 1.9.4.7

Trust: 0.3

vendor: mobotix | model: ip camera | scope: ne | version: 3.0.331

Trust: 0.3

vendor: mobotix | model: ip camera | scope: ne | version: 2.2.3.18

Trust: 0.3

sources: BID: 18022 // CNNVD: CNNVD-200605-365 // NVD: CVE-2006-2490

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-2490
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200605-365
value: MEDIUM

Trust: 0.6

VULHUB: VHN-18598
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-2490
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-18598
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-18598 // CNNVD: CNNVD-200605-365 // NVD: CVE-2006-2490

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

sources: VULHUB: VHN-18598 // NVD: CVE-2006-2490

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200605-365

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 46362 // CNNVD: CNNVD-200605-365

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-18598

EXTERNAL IDS

db: BID | id: 18022

Trust: 2.0

db: SECUNIA | id: 20151

Trust: 1.8

db: SECTRACK | id: 1016128

Trust: 1.7

db: OSVDB | id: 25623

Trust: 1.7

db: OSVDB | id: 25621

Trust: 1.7

db: OSVDB | id: 25622

Trust: 1.7

db: SREASON | id: 929

Trust: 1.7

db: VUPEN | id: ADV-2006-1857

Trust: 1.7

db: NVD | id: CVE-2006-2490

Trust: 1.7

db: CNNVD | id: CNNVD-200605-365

Trust: 0.7

db: BUGTRAQ | id: 20060822 VENDOR STATEMENT: FIXED MOBOTIX IP NETWORK CAMERAS MULTIPLE XSS BUG

Trust: 0.6

db: BUGTRAQ | id: 20060517 MOBOTIX IP NETWORK CAMERAS MULTIPLE XSS

Trust: 0.6

db: VIM | id: 20060821 CVE-2006-2490 (MOBOTIX) VENDOR ACK

Trust: 0.6

db: XF | id: 26538

Trust: 0.6

db: SEEBUG | id: SSVID-81485

Trust: 0.1

db: SEEBUG | id: SSVID-81484

Trust: 0.1

db: EXPLOIT-DB | id: 27894

Trust: 0.1

db: EXPLOIT-DB | id: 27893

Trust: 0.1

db: EXPLOIT-DB | id: 27892

Trust: 0.1

db: VULHUB | id: VHN-18598

Trust: 0.1

db: PACKETSTORM | id: 46362

Trust: 0.1

sources: VULHUB: VHN-18598 // BID: 18022 // PACKETSTORM: 46362 // CNNVD: CNNVD-200605-365 // NVD: CVE-2006-2490

REFERENCES

url:http://www.eazel.es/media/advisory001.html

Trust: 2.1

url:http://www.securityfocus.com/bid/18022

Trust: 1.7

url:http://www.osvdb.org/25621

Trust: 1.7

url:http://www.osvdb.org/25622

Trust: 1.7

url:http://www.osvdb.org/25623

Trust: 1.7

url:http://securitytracker.com/id?1016128

Trust: 1.7

url:http://secunia.com/advisories/20151

Trust: 1.7

url:http://securityreason.com/securityalert/929

Trust: 1.7

url:http://www.attrition.org/pipermail/vim/2006-august/000980.html

Trust: 1.7

url:http://www.securityfocus.com/archive/1/434289/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/444018/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2006/1857

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/26538

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/26538

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/1857

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/444018/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/434289/100/0/threaded

Trust: 0.6

url:http://www.mobotix.com/

Trust: 0.3

url:/archive/1/434289

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/10021/

Trust: 0.1

url:http://[host]/control/events.tar?source_ip=%3cbody%20onload=[code]%3e&download=egal

Trust: 0.1

url:http://[host]/help/help?%3cbody%20onload=[code]%3e

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/20151/

Trust: 0.1

url:http://secunia.com/product/10022/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://[host]/control/eventplayer?get_image_info_abspath=%3cbody%20onload=[code]%3e

Trust: 0.1

sources: VULHUB: VHN-18598 // BID: 18022 // PACKETSTORM: 46362 // CNNVD: CNNVD-200605-365 // NVD: CVE-2006-2490

CREDITS

Jaime Blasco is credited with the discovery of these vulnerabilities.

Trust: 0.9

sources: BID: 18022 // CNNVD: CNNVD-200605-365

SOURCES

db: VULHUB | id: VHN-18598
db: BID | id: 18022
db: PACKETSTORM | id: 46362
db: CNNVD | id: CNNVD-200605-365
db: NVD | id: CVE-2006-2490

LAST UPDATE DATE

2024-08-14T15:14:56.933000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-18598 | date: 2018-10-18T00:00:00
db: BID | id: 18022 | date: 2006-08-21T16:49:00
db: CNNVD | id: CNNVD-200605-365 | date: 2006-08-28T00:00:00
db: NVD | id: CVE-2006-2490 | date: 2018-10-18T16:40:22.820

SOURCES RELEASE DATE

db: VULHUB | id: VHN-18598 | date: 2006-05-19T00:00:00
db: BID | id: 18022 | date: 2006-05-17T00:00:00
db: PACKETSTORM | id: 46362 | date: 2006-05-18T23:35:49
db: CNNVD | id: CNNVD-200605-365 | date: 2006-05-19T00:00:00
db: NVD | id: CVE-2006-2490 | date: 2006-05-19T23:02:00