BID:30460

Panasonic Network Cameras Error Page Multiple Cross Site Scripting Vulnerabilities

Info

Panasonic Network Cameras Error Page Multiple Cross Site Scripting Vulnerabilities

Bugtraq ID:	30460
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jul 31 2008 12:00AM
Updated:	Jul 31 2008 08:07PM
Credit:	NetAgent Co., Ltd.
Vulnerable:	Panasonic Network Camera BL-C131 3.14R03 Panasonic Network Camera BL-C111 3.14R02 Panasonic Network Camera BB-HCM581 3.21R00 Panasonic Network Camera BB-HCM580 3.21R00 Panasonic Network Camera BB-HCM531 3.20R01 Panasonic Network Camera BB-HCM527 3.30R00 Panasonic Network Camera BB-HCM515 3.20R01 Panasonic Network Camera BB-HCM511 3.20R01

Not Vulnerable:

Discussion

Panasonic Network Cameras Error Page Multiple Cross Site Scripting Vulnerabilities

Panasonic Network Cameras are prone to multiple cross-site scripting vulnerabilities because the devices fails to properly sanitize user-supplied input before using it in dynamically generated content.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The following versions of Panasonic Network Cameras are vulnerable:

BL-C111 Ver.3.14R02 and prior
BL-C131 Ver.3.14R03 and prior
BB-HCM511 Ver.3.20R01 and prior
BB-HCM531 Ver.3.20R01 and prior
BB-HCM580 Ver.3.21R00 and prior
BB-HCM581 Ver.3.21R00 and prior
BB-HCM527 Ver.3.30R00 and prior
BB-HCM515 Ver.3.20R01 and prior

Exploit / POC

Panasonic Network Cameras Error Page Multiple Cross Site Scripting Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.

Solution / Fix

Panasonic Network Cameras Error Page Multiple Cross Site Scripting Vulnerabilities

Solution:
The vendor has released updates. Please see the references for more information.

References

Panasonic Network Cameras Error Page Multiple Cross Site Scripting Vulnerabilities

References:

Multiple Panasonic Communications Co., Ltd. network cameras vulnerable to cross- (JVN)
Panasonic Homepage (Panasonic)