All the vulnerabilites related to PLANEX COMMUNICATIONS INC. - MZK-DP300N
jvndb-2024-000101
Vulnerability from jvndb
Published
2024-09-24 15:26
Modified
2024-09-24 15:26
Severity ?
Summary
Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices
Details
Multiple network devices (network cameras and a router) provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below.<ul><li>Cross-site request forgery (CWE-352) - CVE-2024-45372</li><li>Cross-site scripting vulnerability in the web management page (CWE-79) - CVE-2024-45836</li></ul>
CVE-2024-45372
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVE-2024-45836
Ryota Honda, Akihito Takeuchi, Daichi Uezono, Junnosuke Kushibiki, Ryu Kuki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
▼ | Type | URL |
---|---|---|
JVN | https://jvn.jp/en/jp/JVN81966868/index.html | |
CVE | https://www.cve.org/CVERecord?id=CVE-2024-45372 | |
CVE | https://www.cve.org/CVERecord?id=CVE-2024-45836 | |
Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000101.html", "dc:date": "2024-09-24T15:26+09:00", "dcterms:issued": "2024-09-24T15:26+09:00", "dcterms:modified": "2024-09-24T15:26+09:00", "description": "Multiple network devices (network cameras and a router) provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eCross-site request forgery (CWE-352) - CVE-2024-45372\u003c/li\u003e\u003cli\u003eCross-site scripting vulnerability in the web management page (CWE-79) - CVE-2024-45836\u003c/li\u003e\u003c/ul\u003e\r\nCVE-2024-45372\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2024-45836\r\nRyota Honda, Akihito Takeuchi, Daichi Uezono, Junnosuke Kushibiki, Ryu Kuki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.", "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000101.html", "sec:cpe": [ { "#text": "cpe:/o:planex:cs-qr10", "@product": "CS-QR10", "@vendor": "PLANEX COMMUNICATIONS INC.", "@version": "2.2" }, { "#text": "cpe:/o:planex:cs-qr20", "@product": "CS-QR20", "@vendor": "PLANEX COMMUNICATIONS INC.", "@version": "2.2" }, { "#text": "cpe:/o:planex:cs-qr22", "@product": "CS-QR22", "@vendor": "PLANEX COMMUNICATIONS INC.", "@version": "2.2" }, { "#text": "cpe:/o:planex:cs-qr220", "@product": "CS-QR220", "@vendor": "PLANEX COMMUNICATIONS INC.", "@version": "2.2" }, { "#text": "cpe:/o:planex:cs-qr300", "@product": "CS-QR300", "@vendor": "PLANEX COMMUNICATIONS INC.", "@version": "2.2" }, { "#text": "cpe:/o:planex:mzk-dp300n", "@product": "MZK-DP300N", "@vendor": "PLANEX COMMUNICATIONS INC.", "@version": "2.2" } ], "sec:cvss": { "@score": "7.1", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L", "@version": "3.0" }, "sec:identifier": "JVNDB-2024-000101", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN81966868/index.html", "@id": "JVN#81966868", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-45372", "@id": "CVE-2024-45372", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-45836", "@id": "CVE-2024-45836", "@source": "CVE" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-352", "@title": "Cross-Site Request Forgery(CWE-352)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices" }
cve-2024-45372
Vulnerability from cvelistv5
Published
2024-09-26 04:06
Modified
2024-09-26 13:38
Severity ?
EPSS score ?
Summary
MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | PLANEX COMMUNICATIONS INC. | MZK-DP300N |
Version: firmware versions 1.04 and earlier |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45372", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T13:37:59.352659Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T13:38:09.590Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "MZK-DP300N", "vendor": "PLANEX COMMUNICATIONS INC.", "versions": [ { "status": "affected", "version": "firmware versions 1.04 and earlier" } ] } ], "descriptions": [ { "lang": "en", "value": "MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "Cross-site request forgery (CSRF)", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-26T04:06:47.174Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.planex.co.jp/support/download/mzk-dp300n/" }, { "url": "https://jvn.jp/en/jp/JVN81966868/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-45372", "datePublished": "2024-09-26T04:06:47.174Z", "dateReserved": "2024-09-10T06:57:25.565Z", "dateUpdated": "2024-09-26T13:38:09.590Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }