CVE-2024-45836

MEDIUM EPSS 14.6%

Published Sep 26, 20241y ago · Modified Jun 17, 20261w ago

6.1 CVSS 3.1

Medium

Published Sep 26, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user.

CVSS Details

Base Score

6.1

Exploitability

2.8

Impact

2.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Changed

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

14.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 10

Vendor	Product	Version	Range
planex	cs-qr10_firmware	*	any
planex	cs-qr10	*	any
planex	cs-qr20_firmware	*	any
planex	cs-qr20	*	any
planex	cs-qr22_firmware	*	any
planex	cs-qr22	*	any
planex	cs-qr220_firmware	*	any
planex	cs-qr220	*	any
planex	cs-qr300_firmware	*	any
planex	cs-qr300	*	any

References 1

jvn.jp https://jvn.jp/en/jp/JVN81966868/

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.