Vendor CVEs
Panasonic
All CVEs
42 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2133 | Hig | 0.57 | 8.8 | 0.01 | Oct 20, 2017 | SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2025-11223 | Hig | 0.51 | 7.8 | 0.00 | Oct 3, 2025 | Installer of Panasonic AutoDownloader version 1.2.8 contains an issue with the DLL search path, which may lead to loading a crafted DLL file in the same directory. | ||
| CVE-2024-7013 | Hig | 0.51 | 7.8 | 0.00 | Aug 21, 2024 | Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. | ||
| CVE-2025-1073 | Hig | 0.49 | 7.5 | 0.00 | Apr 10, 2025 | Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device. | ||
| CVE-2017-2132 | Hig | 0.49 | 7.5 | 0.01 | Oct 20, 2017 | Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors. | ||
| CVE-2017-5151 | Hig | 0.48 | 7.3 | 0.02 | Feb 13, 2017 | An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution. | ||
| CVE-2016-4498 | Med | 0.36 | 5.5 | 0.01 | May 12, 2016 | Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| CVE-2017-2131 | Med | 0.35 | 5.3 | 0.01 | Oct 20, 2017 | Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors. | ||
| CVE-2024-4162 | Med | 0.29 | 4.4 | 0.00 | May 8, 2024 | A buffer error in Panasonic KW Watcher versions 1.00 through 2.83 may allow attackers malicious read access to memory. | ||
| CVE-2016-4499 | Med | 0.27 | 4.2 | 0.01 | May 12, 2016 | Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. | ||
| CVE-2016-4497 | Med | 0.27 | 4.2 | 0.01 | May 12, 2016 | Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | ||
| CVE-2016-4496 | Med | 0.27 | 4.2 | 0.00 | May 12, 2016 | Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow. | ||
| CVE-2015-4648 | 0.01 | — | 0.06 | Jul 6, 2015 | Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method. | |||
| CVE-2023-6315 | 0.00 | — | 0.00 | Dec 19, 2023 | Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. | |||
| CVE-2023-6314 | 0.00 | — | 0.00 | Dec 19, 2023 | Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. | |||
| CVE-2023-3472 | 0.00 | — | 0.00 | Sep 6, 2023 | Use after free vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code. | |||
| CVE-2023-3471 | 0.00 | — | 0.00 | Sep 6, 2023 | Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code. | |||
| CVE-2023-28730 | 0.00 | — | 0.00 | Jul 21, 2023 | A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. | |||
| CVE-2023-28729 | 0.00 | — | 0.00 | Jul 21, 2023 | A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. | |||
| CVE-2023-28728 | 0.00 | — | 0.00 | Jul 21, 2023 | A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. | |||
| CVE-2023-28727 | 0.00 | — | 0.00 | Mar 31, 2023 | Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers. | |||
| CVE-2023-28726 | 0.00 | — | 0.01 | Mar 31, 2023 | Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands. | |||
| CVE-2022-4621 | 0.00 | — | 0.00 | Jan 17, 2023 | Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges. | |||
| CVE-2021-32972 | 0.00 | — | 0.01 | Jul 9, 2021 | Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the… | |||
| CVE-2020-16236 | 0.00 | — | 0.01 | Jan 25, 2021 | FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. | |||
| CVE-2020-29194 | 0.00 | — | 0.01 | Dec 28, 2020 | Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI. | |||
| CVE-2020-29193 | 0.00 | — | 0.00 | Dec 28, 2020 | Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order). | |||
| CVE-2020-11716 | 0.00 | — | 0.01 | May 20, 2020 | Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support." | |||
| CVE-2020-11715 | 0.00 | — | 0.01 | May 19, 2020 | Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at "End-of-software-support." | |||
| CVE-2019-15429 | 0.00 | — | 0.00 | Nov 14, 2019 | The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized… | |||
| CVE-2019-15378 | 0.00 | — | 0.00 | Nov 14, 2019 | The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows… | |||
| CVE-2019-15376 | 0.00 | — | 0.00 | Nov 14, 2019 | The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows… | |||
| CVE-2019-6532 | 0.00 | — | 0.04 | Jun 7, 2019 | Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution. | |||
| CVE-2019-6530 | 0.00 | — | 0.07 | Jun 7, 2019 | Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. | |||
| CVE-2018-0678 | 0.00 | — | 0.01 | Jan 9, 2019 | Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors. | |||
| CVE-2018-0676 | 0.00 | — | 0.01 | Jan 9, 2019 | BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors. | |||
| CVE-2018-0677 | 0.00 | — | 0.01 | Jan 9, 2019 | BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2015-4647 | 0.00 | — | 0.06 | Jul 6, 2015 | Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the (2) GetStringInfo method. | |||
| CVE-2014-9596 | 0.00 | — | 0.01 | Jan 15, 2015 | Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to… | |||
| CVE-2014-8756 | 0.00 | — | 0.04 | Oct 17, 2014 | The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address. | |||
| CVE-2014-8755 | 0.00 | — | 0.03 | Oct 17, 2014 | Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory." | |||
| CVE-2008-3482 | 0.00 | — | 0.01 | Aug 5, 2008 | Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
- risk 0.57cvss 8.8epss 0.01
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
- risk 0.51cvss 7.8epss 0.00
Installer of Panasonic AutoDownloader version 1.2.8 contains an issue with the DLL search path, which may lead to loading a crafted DLL file in the same directory.
- risk 0.51cvss 7.8epss 0.00
Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.
- risk 0.49cvss 7.5epss 0.00
Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device.
- risk 0.49cvss 7.5epss 0.01
Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors.
- risk 0.48cvss 7.3epss 0.02
An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution.
- risk 0.36cvss 5.5epss 0.01
Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- risk 0.35cvss 5.3epss 0.01
Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors.
- risk 0.29cvss 4.4epss 0.00
A buffer error in Panasonic KW Watcher versions 1.00 through 2.83 may allow attackers malicious read access to memory.
- risk 0.27cvss 4.2epss 0.01
Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors.
- risk 0.27cvss 4.2epss 0.01
Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
- risk 0.27cvss 4.2epss 0.00
Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow.
- CVE-2015-4648Jul 6, 2015risk 0.01cvss —epss 0.06
Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method.
- CVE-2023-6315Dec 19, 2023risk 0.00cvss —epss 0.00
Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.
- CVE-2023-6314Dec 19, 2023risk 0.00cvss —epss 0.00
Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.
- CVE-2023-3472Sep 6, 2023risk 0.00cvss —epss 0.00
Use after free vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code.
- CVE-2023-3471Sep 6, 2023risk 0.00cvss —epss 0.00
Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code.
- CVE-2023-28730Jul 21, 2023risk 0.00cvss —epss 0.00
A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
- CVE-2023-28729Jul 21, 2023risk 0.00cvss —epss 0.00
A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
- CVE-2023-28728Jul 21, 2023risk 0.00cvss —epss 0.00
A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
- CVE-2023-28727Mar 31, 2023risk 0.00cvss —epss 0.00
Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers.
- CVE-2023-28726Mar 31, 2023risk 0.00cvss —epss 0.01
Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands.
- CVE-2022-4621Jan 17, 2023risk 0.00cvss —epss 0.00
Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges.
- CVE-2021-32972Jul 9, 2021risk 0.00cvss —epss 0.01
Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the…
- CVE-2020-16236Jan 25, 2021risk 0.00cvss —epss 0.01
FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code.
- CVE-2020-29194Dec 28, 2020risk 0.00cvss —epss 0.01
Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI.
- CVE-2020-29193Dec 28, 2020risk 0.00cvss —epss 0.00
Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order).
- CVE-2020-11716May 20, 2020risk 0.00cvss —epss 0.01
Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support."
- CVE-2020-11715May 19, 2020risk 0.00cvss —epss 0.01
Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at "End-of-software-support."
- CVE-2019-15429Nov 14, 2019risk 0.00cvss —epss 0.00
The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized…
- CVE-2019-15378Nov 14, 2019risk 0.00cvss —epss 0.00
The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows…
- CVE-2019-15376Nov 14, 2019risk 0.00cvss —epss 0.00
The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows…
- CVE-2019-6532Jun 7, 2019risk 0.00cvss —epss 0.04
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution.
- CVE-2019-6530Jun 7, 2019risk 0.00cvss —epss 0.07
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution.
- CVE-2018-0678Jan 9, 2019risk 0.00cvss —epss 0.01
Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors.
- CVE-2018-0676Jan 9, 2019risk 0.00cvss —epss 0.01
BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors.
- CVE-2018-0677Jan 9, 2019risk 0.00cvss —epss 0.01
BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.
- CVE-2015-4647Jul 6, 2015risk 0.00cvss —epss 0.06
Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the (2) GetStringInfo method.
- CVE-2014-9596Jan 15, 2015risk 0.00cvss —epss 0.01
Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to…
- CVE-2014-8756Oct 17, 2014risk 0.00cvss —epss 0.04
The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address.
- CVE-2014-8755Oct 17, 2014risk 0.00cvss —epss 0.03
Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory."
- CVE-2008-3482Aug 5, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.