{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-4621",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Panasonic",
"product": {
"product_data": [
{
"product_name": "Sanyo CCTV Network Camera",
"version": {
"version_data": [
{
"version_value": "VCC-HD5600P version 2.03-06 ",
"version_affected": "="
},
{
"version_value": "VDC-HD3300P version 2.03-08 ",
"version_affected": "="
},
{
"version_value": "VDC-HD3300P version 1.02-05 ",
"version_affected": "="
},
{
"version_value": "VCC-HD3300 version 2.03-02 ",
"version_affected": "="
},
{
"version_value": "VDC-HD3100P version 2.03-00 ",
"version_affected": "="
},
{
"version_value": "VCC-HD2100P version 2.03-02 ",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04",
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04"
},
{
"url": "https://archives.connect.panasonic.com/security/sanyo/index.html",
"refsource": "MISC",
"name": "https://archives.connect.panasonic.com/security/sanyo/index.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nPanasonic has stated that Sanyo Electric Camera Systems are no longer in production and released this advisory. All repair requests and other support requests via email or phone will be available.\n\n
"
}
],
"value": "\nPanasonic has stated that Sanyo Electric Camera Systems are no longer in production and released this advisory https://archives.connect.panasonic.com/security/sanyo/index.html . All repair requests and other support requests via email or phone will be available.\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Gjoko Krstic of Zero Science Lab"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}
}