CVE-2022-4621

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-4621
Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://archives.connect.panasonic.com/security/sanyo/index.html Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:panasonic:vcc-hd5600p_firmware:2.03-06:*:*:*:*:*:*:*
cpe:2.3:h:panasonic:vcc-hd5600p:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:panasonic:vcc-hd3300p_firmware:1.02-05:*:*:*:*:*:*:*
cpe:2.3:o:panasonic:vcc-hd3300p_firmware:2.03-08:*:*:*:*:*:*:*
cpe:2.3:h:panasonic:vcc-hd3300p:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:panasonic:vcc-hd3300_firmware:2.03-02:*:*:*:*:*:*:*
cpe:2.3:h:panasonic:vcc-hd3300:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:panasonic:vcc-hd2100p_firmware:2.03-02:*:*:*:*:*:*:*
cpe:2.3:h:panasonic:vcc-hd2100p:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:panasonic:vcc-hd3100p_firmware:2.03-00:*:*:*:*:*:*:*
cpe:2.3:h:panasonic:vcc-hd3100p:-:*:*:*:*:*:*:*
History

07 Nov 2023, 03:58

Type Values Removed Values Added
Summary Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges. Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges.

24 Jan 2023, 21:01

Type Values Removed Values Added
References (MISC) https://archives.connect.panasonic.com/security/sanyo/index.html - (MISC) https://archives.connect.panasonic.com/security/sanyo/index.html - Vendor Advisory
References (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04 - (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04 - Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CPE cpe:2.3:o:panasonic:vcc-hd3300p_firmware:1.02-05:*:*:*:*:*:*:*
cpe:2.3:o:panasonic:vcc-hd3300_firmware:2.03-02:*:*:*:*:*:*:*
cpe:2.3:o:panasonic:vcc-hd3300p_firmware:2.03-08:*:*:*:*:*:*:*
cpe:2.3:h:panasonic:vcc-hd3100p:-:*:*:*:*:*:*:*
cpe:2.3:h:panasonic:vcc-hd2100p:-:*:*:*:*:*:*:*
cpe:2.3:h:panasonic:vcc-hd5600p:-:*:*:*:*:*:*:*
cpe:2.3:o:panasonic:vcc-hd3100p_firmware:2.03-00:*:*:*:*:*:*:*
cpe:2.3:o:panasonic:vcc-hd2100p_firmware:2.03-02:*:*:*:*:*:*:*
cpe:2.3:h:panasonic:vcc-hd3300p:-:*:*:*:*:*:*:*
cpe:2.3:o:panasonic:vcc-hd5600p_firmware:2.03-06:*:*:*:*:*:*:*
cpe:2.3:h:panasonic:vcc-hd3300:-:*:*:*:*:*:*:*
First Time Panasonic vcc-hd3300
Panasonic vcc-hd3100p
Panasonic vcc-hd2100p Firmware
Panasonic vcc-hd3300 Firmware
Panasonic vcc-hd5600p
Panasonic vcc-hd5600p Firmware
Panasonic vcc-hd2100p
Panasonic vcc-hd3300p
Panasonic vcc-hd3100p Firmware
Panasonic
Panasonic vcc-hd3300p Firmware

17 Jan 2023, 18:55

Type Values Removed Values Added
New CVE
Information

Published : 2023-01-17 17:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-4621

Mitre link : CVE-2022-4621

CVE.ORG link : CVE-2022-4621

JSON object : View

Products Affected

panasonic

  • vcc-hd2100p_firmware
  • vcc-hd3300p_firmware
  • vcc-hd3100p
  • vcc-hd5600p_firmware
  • vcc-hd3100p_firmware
  • vcc-hd3300p
  • vcc-hd3300_firmware
  • vcc-hd2100p
  • vcc-hd5600p
  • vcc-hd3300
CWE
CWE-352

Cross-Site Request Forgery (CSRF)