[Japanese]

JVNDB-2007-000301

Canon Network Camera Server VB100 Series vulnerable to cross-site scripting

Overview

Canon Network Camera Server VB100 Series contains a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Canon
  • Canon Network Camera Server VB150 firmware Ver. 1.1 Rev.39 and earlier
  • Canon Network Camera Server VB100 and VB101 firmware Ver. 3.0 Rev.69 and earlier

Impact

An arbitrary script may be executed in the camera server management screen.
Solution

Vendor Information

Canon
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2007-2680
References

  1. JVN : JVN#06735665
  2. National Vulnerability Database (NVD) : CVE-2007-2680
  3. Secunia Advisory : SA24940
  4. FrSIRT Advisories : FrSIRT/ADV-2007-1461
Revision History

  • [2008/05/21]
      Web page published