VAR-201312-0512
Vulnerability from variot - Updated: 2022-05-17 02:10The application did not adequately filter the user-submitted input. Vimicro Vilar IP Camera is a series of network camera products from China Vimicro. An HTML injection vulnerability exists in the Vimicro Vilar IP Camera, which originates from applications that do not adequately filter input submitted by users. An attacker could use this vulnerability to run HTML and script code provided by the attacker in the context of an affected browser, steal cookie-based authentication, or control how the site is presented to users. There are vulnerabilities in Vimicro Corp IP-001A 1.1.0.32, other versions may also be affected. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0512",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "corp ip-001a",
"scope": "eq",
"trust": 0.6,
"vendor": "vimicro",
"version": "1.1.0.32"
},
{
"model": "corp ip camera ip-001a",
"scope": "eq",
"trust": 0.3,
"vendor": "vimicro",
"version": "1.1.0.32"
},
{
"model": "international vwc-300pt",
"scope": "eq",
"trust": 0.3,
"vendor": "monacore",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
},
{
"db": "BID",
"id": "64616"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Darius Freamon",
"sources": [
{
"db": "BID",
"id": "64616"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-060"
}
],
"trust": 0.9
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-00121",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2014-00121",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The application did not adequately filter the user-submitted input. Vimicro Vilar IP Camera is a series of network camera products from China Vimicro. \nAn HTML injection vulnerability exists in the Vimicro Vilar IP Camera, which originates from applications that do not adequately filter input submitted by users. An attacker could use this vulnerability to run HTML and script code provided by the attacker in the context of an affected browser, steal cookie-based authentication, or control how the site is presented to users. There are vulnerabilities in Vimicro Corp IP-001A 1.1.0.32, other versions may also be affected. Other attacks are also possible",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-060"
},
{
"db": "BID",
"id": "64616"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "64616",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2014-00121",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201401-060",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
},
{
"db": "BID",
"id": "64616"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-060"
}
]
},
"id": "VAR-201312-0512",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
}
]
},
"last_update_date": "2022-05-17T02:10:38.896000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/64616"
},
{
"trust": 0.3,
"url": "http://www.monacor.com/index.php"
},
{
"trust": 0.3,
"url": "http://www.vimicro.com/english/product/advanced002.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
},
{
"db": "BID",
"id": "64616"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-060"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
},
{
"db": "BID",
"id": "64616"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-060"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00121"
},
{
"date": "2013-12-22T00:00:00",
"db": "BID",
"id": "64616"
},
{
"date": "2013-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-060"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00121"
},
{
"date": "2013-12-22T00:00:00",
"db": "BID",
"id": "64616"
},
{
"date": "2014-01-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-060"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-060"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vimicro Vilar IP Camera \u0027/setup/user_account.html\u0027 HTML Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
},
{
"db": "BID",
"id": "64616"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-060"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…