Sql injection

2020-01-2215:15:00

PRIOn knowledge base

www.prio-n.com

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.5%

JSON

The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges.

CPENameOperatorVersion
hnmswvms_firmwareeq<= vms560
hnmswvmslt_firmwareeq<= vms560
maxpro_nvr_pe_firmwarele5.6
maxpro_nvr_se_firmwarele5.6
maxpro_nvr_xe_firmwarele5.6
mpnvrswxx_firmwarele5.6

Name	Operator	Version
hnmswvms_firmware	eq	<= vms560
hnmswvmslt_firmware	eq	<= vms560
maxpro_nvr_pe_firmware	le	5.6
maxpro_nvr_se_firmware	le	5.6
maxpro_nvr_xe_firmware	le	5.6
mpnvrswxx_firmware	le	5.6

References

www.us-cert.gov/ics/advisories/icsa-20-021-01