Details of VAR-202409-0992

ID

VAR-202409-0992

CVE

CVE-2024-45836

TITLE

Multiple vulnerabilities in Planex network equipment

Trust: 0.8

sources: JVNDB: JVNDB-2024-000101

DESCRIPTION

Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user. None

Trust: 1.62

sources: NVD: CVE-2024-45836 // JVNDB: JVNDB-2024-000101

AFFECTED PRODUCTS

vendor:	planex	model:	cs-qr220	scope:	eq	version:	*	Trust: 1.0
vendor:	planex	model:	cs-qr20	scope:	eq	version:	*	Trust: 1.0
vendor:	planex	model:	cs-qr300	scope:	eq	version:	*	Trust: 1.0
vendor:	planex	model:	cs-qr22	scope:	eq	version:	*	Trust: 1.0
vendor:	planex	model:	cs-qr10	scope:	eq	version:	*	Trust: 1.0
vendor:	プラネックスコミュニケーションズ株式会社	model:	cs-qr10	scope:	-	version:	-	Trust: 0.8
vendor:	プラネックスコミュニケーションズ株式会社	model:	cs-qr300	scope:	-	version:	-	Trust: 0.8
vendor:	プラネックスコミュニケーションズ株式会社	model:	cs-qr22	scope:	-	version:	-	Trust: 0.8
vendor:	プラネックスコミュニケーションズ株式会社	model:	mzk-dp300n	scope:	lte	version:	firmware 1.04 and earlier (cve-2024-45372)	Trust: 0.8
vendor:	プラネックスコミュニケーションズ株式会社	model:	cs-qr20	scope:	-	version:	-	Trust: 0.8
vendor:	プラネックスコミュニケーションズ株式会社	model:	cs-qr220	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-000101 // NVD: CVE-2024-45836

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-45836
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2024-000101
value:	MEDIUM
Trust: 0.8

nvd@nist.gov:	CVE-2024-45836
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
IPA:	JVNDB-2024-000101
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-000101 // NVD: CVE-2024-45836

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [IPA evaluation ]	Trust: 0.8
problemtype:	Cross-site request forgery (CWE-352) [IPA evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-000101 // NVD: CVE-2024-45836

PATCH

title:

Planex Communications Inc. announcement page

url:

https://www.planex.co.jp/support/download/mzk-dp300n/

Trust: 0.8

sources: JVNDB: JVNDB-2024-000101

EXTERNAL IDS

db:	JVN	id:	JVN81966868	Trust: 1.8
db:	NVD	id:	CVE-2024-45836	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-000101	Trust: 0.8

sources: JVNDB: JVNDB-2024-000101 // NVD: CVE-2024-45836

REFERENCES

url:	https://jvn.jp/en/jp/jvn81966868/	Trust: 1.0
url:	https://jvn.jp/jp/jvn81966868/index.html	Trust: 0.8

sources: JVNDB: JVNDB-2024-000101 // NVD: CVE-2024-45836

SOURCES

db:	JVNDB	id:	JVNDB-2024-000101
db:	NVD	id:	CVE-2024-45836

LAST UPDATE DATE

2024-10-04T02:28:39.604000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-000101	date:	2024-09-24T03:10:00
db:	NVD	id:	CVE-2024-45836	date:	2024-10-03T00:35:53.797

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-000101	date:	2024-09-24T00:00:00
db:	NVD	id:	CVE-2024-45836	date:	2024-09-26T05:15:12.190