Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by vimicro
VAR-201312-0512
Vulnerability from variot - Updated: 2022-05-17 02:10The application did not adequately filter the user-submitted input. Vimicro Vilar IP Camera is a series of network camera products from China Vimicro. An HTML injection vulnerability exists in the Vimicro Vilar IP Camera, which originates from applications that do not adequately filter input submitted by users. An attacker could use this vulnerability to run HTML and script code provided by the attacker in the context of an affected browser, steal cookie-based authentication, or control how the site is presented to users. There are vulnerabilities in Vimicro Corp IP-001A 1.1.0.32, other versions may also be affected. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0512",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "corp ip-001a",
"scope": "eq",
"trust": 0.6,
"vendor": "vimicro",
"version": "1.1.0.32"
},
{
"model": "corp ip camera ip-001a",
"scope": "eq",
"trust": 0.3,
"vendor": "vimicro",
"version": "1.1.0.32"
},
{
"model": "international vwc-300pt",
"scope": "eq",
"trust": 0.3,
"vendor": "monacore",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
},
{
"db": "BID",
"id": "64616"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Darius Freamon",
"sources": [
{
"db": "BID",
"id": "64616"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-060"
}
],
"trust": 0.9
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-00121",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2014-00121",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The application did not adequately filter the user-submitted input. Vimicro Vilar IP Camera is a series of network camera products from China Vimicro. \nAn HTML injection vulnerability exists in the Vimicro Vilar IP Camera, which originates from applications that do not adequately filter input submitted by users. An attacker could use this vulnerability to run HTML and script code provided by the attacker in the context of an affected browser, steal cookie-based authentication, or control how the site is presented to users. There are vulnerabilities in Vimicro Corp IP-001A 1.1.0.32, other versions may also be affected. Other attacks are also possible",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-060"
},
{
"db": "BID",
"id": "64616"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "64616",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2014-00121",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201401-060",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
},
{
"db": "BID",
"id": "64616"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-060"
}
]
},
"id": "VAR-201312-0512",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
}
]
},
"last_update_date": "2022-05-17T02:10:38.896000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/64616"
},
{
"trust": 0.3,
"url": "http://www.monacor.com/index.php"
},
{
"trust": 0.3,
"url": "http://www.vimicro.com/english/product/advanced002.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
},
{
"db": "BID",
"id": "64616"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-060"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
},
{
"db": "BID",
"id": "64616"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-060"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00121"
},
{
"date": "2013-12-22T00:00:00",
"db": "BID",
"id": "64616"
},
{
"date": "2013-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-060"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00121"
},
{
"date": "2013-12-22T00:00:00",
"db": "BID",
"id": "64616"
},
{
"date": "2014-01-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-060"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-060"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vimicro Vilar IP Camera \u0027/setup/user_account.html\u0027 HTML Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00121"
},
{
"db": "BID",
"id": "64616"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-060"
}
],
"trust": 0.6
}
}