VYPR

Vendor CVEs

Panasonic

All CVEs

42 total · sorted by risk
  • CVE-2017-2133HigOct 20, 2017
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2025-11223HigOct 3, 2025
    risk 0.51cvss 7.8epss 0.00

    Installer of Panasonic AutoDownloader version 1.2.8 contains an issue with the DLL search path, which may lead to loading a crafted DLL file in the same directory.

  • CVE-2024-7013HigAug 21, 2024
    risk 0.51cvss 7.8epss 0.00

    Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.

  • CVE-2025-1073HigApr 10, 2025
    risk 0.49cvss 7.5epss 0.00

    Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device.

  • CVE-2017-2132HigOct 20, 2017
    risk 0.49cvss 7.5epss 0.01

    Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors.

  • CVE-2017-5151HigFeb 13, 2017
    risk 0.48cvss 7.3epss 0.02

    An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution.

  • CVE-2016-4498MedMay 12, 2016
    risk 0.36cvss 5.5epss 0.01

    Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2017-2131MedOct 20, 2017
    risk 0.35cvss 5.3epss 0.01

    Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors.

  • CVE-2024-4162MedMay 8, 2024
    risk 0.29cvss 4.4epss 0.00

    A buffer error in Panasonic KW Watcher versions 1.00 through 2.83 may allow attackers malicious read access to memory.

  • CVE-2016-4499MedMay 12, 2016
    risk 0.27cvss 4.2epss 0.01

    Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors.

  • CVE-2016-4497MedMay 12, 2016
    risk 0.27cvss 4.2epss 0.01

    Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

  • CVE-2016-4496MedMay 12, 2016
    risk 0.27cvss 4.2epss 0.00

    Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow.

  • CVE-2015-4648Jul 6, 2015
    risk 0.01cvss epss 0.06

    Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method.

  • CVE-2023-6315Dec 19, 2023
    risk 0.00cvss epss 0.00

    Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.

  • CVE-2023-6314Dec 19, 2023
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.

  • CVE-2023-3472Sep 6, 2023
    risk 0.00cvss epss 0.00

    Use after free vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code.

  • CVE-2023-3471Sep 6, 2023
    risk 0.00cvss epss 0.00

    Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code.

  • CVE-2023-28730Jul 21, 2023
    risk 0.00cvss epss 0.00

    A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.

  • CVE-2023-28729Jul 21, 2023
    risk 0.00cvss epss 0.00

    A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.

  • CVE-2023-28728Jul 21, 2023
    risk 0.00cvss epss 0.00

    A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.

  • CVE-2023-28727Mar 31, 2023
    risk 0.00cvss epss 0.00

    Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers.

  • CVE-2023-28726Mar 31, 2023
    risk 0.00cvss epss 0.01

    Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands.

  • CVE-2022-4621Jan 17, 2023
    risk 0.00cvss epss 0.00

    Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges.

  • CVE-2021-32972Jul 9, 2021
    risk 0.00cvss epss 0.01

    Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the…

  • CVE-2020-16236Jan 25, 2021
    risk 0.00cvss epss 0.01

    FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2020-29194Dec 28, 2020
    risk 0.00cvss epss 0.01

    Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI.

  • CVE-2020-29193Dec 28, 2020
    risk 0.00cvss epss 0.00

    Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order).

  • CVE-2020-11716May 20, 2020
    risk 0.00cvss epss 0.01

    Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support."

  • CVE-2020-11715May 19, 2020
    risk 0.00cvss epss 0.01

    Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at "End-of-software-support."

  • CVE-2019-15429Nov 14, 2019
    risk 0.00cvss epss 0.00

    The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized…

  • CVE-2019-15378Nov 14, 2019
    risk 0.00cvss epss 0.00

    The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows…

  • CVE-2019-15376Nov 14, 2019
    risk 0.00cvss epss 0.00

    The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows…

  • CVE-2019-6532Jun 7, 2019
    risk 0.00cvss epss 0.04

    Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution.

  • CVE-2019-6530Jun 7, 2019
    risk 0.00cvss epss 0.07

    Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution.

  • CVE-2018-0678Jan 9, 2019
    risk 0.00cvss epss 0.01

    Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors.

  • CVE-2018-0676Jan 9, 2019
    risk 0.00cvss epss 0.01

    BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors.

  • CVE-2018-0677Jan 9, 2019
    risk 0.00cvss epss 0.01

    BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.

  • CVE-2015-4647Jul 6, 2015
    risk 0.00cvss epss 0.06

    Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the (2) GetStringInfo method.

  • CVE-2014-9596Jan 15, 2015
    risk 0.00cvss epss 0.01

    Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to…

  • CVE-2014-8756Oct 17, 2014
    risk 0.00cvss epss 0.04

    The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address.

  • CVE-2014-8755Oct 17, 2014
    risk 0.00cvss epss 0.03

    Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory."

  • CVE-2008-3482Aug 5, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.