Title: Canon VB-C10R Network Camera Cross-Site Scripting Vulnerability
Severity: MODERATE
Description:
The VB-C10R is a network camera that is distributed and maintained by Canon.
A problem has been identified in Canon VB-C10R Network Camera firmware. The issue could allow attackers to deliver a cross-site scripting attack to victims while using the web server packaged with the camera as the vector.
The Canon VB-C10R does not properly sanitize input supplied in HTTP requests, which is included in dynamically generated web pages. Because of this, it is possible to create a malicious link that, when sent visited by a victim user, results in the rendering of the content in the context of the camera's web server. The content will be executed in the victim's browser.
It should be noted that this issue may not be an issue in the camera firmware itself, but a vulnerability in the Boa web server. The Boa web server is the software component packaged and distributed with Canon VB-C10R firmware. If this is the case, this Bugtraq ID will be updated to reflect the vulnerability in the specific component.
Affected Products:
- Canon VB-C10R 1.0.0 Rev. 21
References:
- <townsend@northlink.com>: XSS vulnerability in Canon webcam
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
