Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for (multiple products) by i-PRO Co., Ltd.

    JVNDB-2025-000037

    Vulnerability from jvndb - Published: 2025-06-06 13:56 - Updated:2025-06-06 13:56
    Severity
    Summary
    Multiple surveillance cameras provided by i-PRO Co., Ltd. vulnerable to cross-site request forgery
    Details
    Multiple surveillance cameras provided by i-PRO Co., Ltd. contain the following vulnerability.
    • Cross-Site Request Forgery (CSRF) (CWE-352) - CVE-2025-36513
    Diego Giubertoni of Nozomi Networks Inc. reported this vulnerability to i-PRO Co., Ltd. and coordinated. After the coordination was completed, i-PRO Co., Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000037.html",
      "dc:date": "2025-06-06T13:56+09:00",
      "dcterms:issued": "2025-06-06T13:56+09:00",
      "dcterms:modified": "2025-06-06T13:56+09:00",
      "description": "Multiple surveillance cameras provided by i-PRO Co., Ltd. contain the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eCross-Site Request Forgery (CSRF) (CWE-352) - CVE-2025-36513\u003c/li\u003e\u003c/ul\u003e\r\n\r\nDiego Giubertoni of Nozomi Networks Inc. reported this vulnerability to i-PRO Co., Ltd. and coordinated.\r\nAfter the coordination was completed, i-PRO Co., Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000037.html",
      "sec:cpe": {
        "#text": "cpe:/a:i-pro:multiple_product",
        "@product": "(multiple products)",
        "@vendor": "i-PRO Co., Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000037",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN10964289/index.html",
          "@id": "JVN#10964289",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-36513",
          "@id": "CVE-2025-36513",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        }
      ],
      "title": "Multiple surveillance cameras provided by i-PRO Co., Ltd. vulnerable to cross-site request forgery"
    }

    JVNDB-2025-000028

    Vulnerability from jvndb - Published: 2025-04-24 13:50 - Updated:2025-04-24 13:50
    Severity
    Summary
    i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key
    Details
    i-PRO Configuration Tool provided by i-PRO Co., Ltd. contains a vulnerability below. * Use of hard-coded cryptographic key (CWE-321) Diego Giubertoni of Nozomi Networks Inc. reported this vulnerability to i-PRO Co., Ltd. and coordinated. After the coordination was completed, i-PRO Co., Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000028.html",
      "dc:date": "2025-04-24T13:50+09:00",
      "dcterms:issued": "2025-04-24T13:50+09:00",
      "dcterms:modified": "2025-04-24T13:50+09:00",
      "description": "i-PRO Configuration Tool provided by i-PRO Co., Ltd. contains a vulnerability below.\r\n\r\n* Use of hard-coded cryptographic key (CWE-321)\r\n\r\nDiego Giubertoni of Nozomi Networks Inc. reported this vulnerability to i-PRO Co., Ltd. and coordinated.\r\nAfter the coordination was completed, i-PRO Co., Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000028.html",
      "sec:cpe": {
        "#text": "cpe:/a:i-pro:multiple_product",
        "@product": "(multiple products)",
        "@vendor": "i-PRO Co., Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.5",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000028",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN84627857/index.html",
          "@id": "JVN#84627857",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-32730",
          "@id": "CVE-2025-32730",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key"
    }