JVNDB-2025-000037

[Japanese]
JVNDB-2025-000037
Multiple surveillance cameras provided by i-PRO Co., Ltd. vulnerable to cross-site request forgery
Overview
Multiple surveillance cameras provided by i-PRO Co., Ltd. contain the following vulnerability. Cross-Site Request Forgery (CSRF) (CWE-352) - CVE-2025-36513 Diego Giubertoni of Nozomi Networks Inc. reported this vulnerability to i-PRO Co., Ltd. and coordinated. After the coordination was completed, i-PRO Co., Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 4.3 (Medium) [IPA Score] Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality Impact: None Integrity Impact: Low Availability Impact: None
Affected Products

i-PRO Co., Ltd. (multiple products) Surveillance cameras provided by i-PRO Co., Ltd.
As for the details of affected product names and versions, refer to the information provided by the developer.
Impact
If a user views a crafted page while logged in to the affected product, unintended operations may be performed.
Solution
[Update the software] Update the software to the latest version according to the information provided by the developer.
Vendor Information
i-PRO Co., Ltd. i-PRO Co., Ltd. : Advisory i-PRO Co., Ltd. : Download
CWE (What is CWE?)
Cross-Site Request Forgery(CWE-352) [IPA Evaluation]
CVE (What is CVE?)
CVE-2025-36513
References
JVN : JVN#10964289
Revision History
[2025/06/06] Web page was published


Date Public	2025/06/06
Date First Published	2025/06/06
Date Last Updated	2025/06/06

Multiple surveillance cameras provided by i-PRO Co., Ltd. vulnerable to cross-site request forgery