All the vulnerabilites related to PLANEX COMMUNICATIONS INC. - MZK-DP300N
jvndb-2024-000101
Vulnerability from jvndb
Published
2024-09-24 15:26
Modified
2024-09-24 15:26
Severity ?
7.1 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Summary
Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices
Details
Multiple network devices (network cameras and a router) provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below.<ul><li>Cross-site request forgery (CWE-352) - CVE-2024-45372</li><li>Cross-site scripting vulnerability in the web management page (CWE-79) - CVE-2024-45836</li></ul> CVE-2024-45372 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. CVE-2024-45836 Ryota Honda, Akihito Takeuchi, Daichi Uezono, Junnosuke Kushibiki, Ryu Kuki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
References
JVN https://jvn.jp/en/jp/JVN81966868/index.html
CVE https://www.cve.org/CVERecord?id=CVE-2024-45372
CVE https://www.cve.org/CVERecord?id=CVE-2024-45836
Cross-Site Request Forgery(CWE-352) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
PLANEX COMMUNICATIONS INC.CS-QR10
PLANEX COMMUNICATIONS INC.CS-QR20
PLANEX COMMUNICATIONS INC.CS-QR22
PLANEX COMMUNICATIONS INC.CS-QR220
PLANEX COMMUNICATIONS INC.CS-QR300
PLANEX COMMUNICATIONS INC.MZK-DP300N
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000101.html",
  "dc:date": "2024-09-24T15:26+09:00",
  "dcterms:issued": "2024-09-24T15:26+09:00",
  "dcterms:modified": "2024-09-24T15:26+09:00",
  "description": "Multiple network devices (network cameras and a router) provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eCross-site request forgery (CWE-352) - CVE-2024-45372\u003c/li\u003e\u003cli\u003eCross-site scripting vulnerability in the web management page (CWE-79) - CVE-2024-45836\u003c/li\u003e\u003c/ul\u003e\r\nCVE-2024-45372\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2024-45836\r\nRyota Honda, Akihito Takeuchi, Daichi Uezono, Junnosuke Kushibiki, Ryu Kuki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000101.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:planex:cs-qr10",
      "@product": "CS-QR10",
      "@vendor": "PLANEX COMMUNICATIONS INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:planex:cs-qr20",
      "@product": "CS-QR20",
      "@vendor": "PLANEX COMMUNICATIONS INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:planex:cs-qr22",
      "@product": "CS-QR22",
      "@vendor": "PLANEX COMMUNICATIONS INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:planex:cs-qr220",
      "@product": "CS-QR220",
      "@vendor": "PLANEX COMMUNICATIONS INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:planex:cs-qr300",
      "@product": "CS-QR300",
      "@vendor": "PLANEX COMMUNICATIONS INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:planex:mzk-dp300n",
      "@product": "MZK-DP300N",
      "@vendor": "PLANEX COMMUNICATIONS INC.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.1",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000101",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN81966868/index.html",
      "@id": "JVN#81966868",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-45372",
      "@id": "CVE-2024-45372",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-45836",
      "@id": "CVE-2024-45836",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices"
}

cve-2024-45372
Vulnerability from cvelistv5
Published
2024-09-26 04:06
Modified
2024-09-26 13:38
Severity ?
Summary
MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc.
References
https://www.planex.co.jp/support/download/mzk-dp300n/
https://jvn.jp/en/jp/JVN81966868/
Impacted products
PLANEX COMMUNICATIONS INC.MZK-DP300N
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45372",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T13:37:59.352659Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T13:38:09.590Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MZK-DP300N",
          "vendor": "PLANEX COMMUNICATIONS INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions 1.04 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "Cross-site request forgery (CSRF)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-26T04:06:47.174Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.planex.co.jp/support/download/mzk-dp300n/"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN81966868/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-45372",
    "datePublished": "2024-09-26T04:06:47.174Z",
    "dateReserved": "2024-09-10T06:57:25.565Z",
    "dateUpdated": "2024-09-26T13:38:09.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}