CVE-2024-45836

Summary

Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user.

Affected Software

VendorProductVersion RangeStatus
PLANEX COMMUNICATIONS INC.CS-QR10all firmware versionsaffected
PLANEX COMMUNICATIONS INC.CS-QR20all firmware versionsaffected
PLANEX COMMUNICATIONS INC.CS-QR22all firmware versionsaffected
PLANEX COMMUNICATIONS INC.CS-QR220all firmware versionsaffected
PLANEX COMMUNICATIONS INC.CS-QR300all firmware versionsaffected

Weaknesses

  • CWE-79: Cross-site scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References