Unrated severityNVD Advisory· Published Jan 3, 2019· Updated Aug 5, 2024
CVE-2018-18005
CVE-2018-18005
Description
Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter.
Affected products
1- Range: firmware 0x06x to 0x08x
Patches
Vulnerability mechanics
References
2- download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdfmitrex_refsource_CONFIRM
- blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.