CVE-2025-0576 – Mobotix M15 player cross site scripting
https://notcve.org/view.php?id=CVE-2025-0576
19 Jan 2025 — A vulnerability was found in Mobotix M15 4.3.4.83 and classified as problematic. This issue affects some unknown processing of the file /control/player?center&eventlist&pda&dummy_for_reload=1736177631&p_evt. The manipulation of the argument p_qual leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?ctiid.292541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-30018
https://notcve.org/view.php?id=CVE-2022-30018
19 May 2022 — Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an attacker/user of the machine to gain admin access to the software and gain access to recordings/recording locations. • https://github.com/PurplePetrus/MxCC_Credential-Storage_issue/blob/main/MxCC_improper_credential_storage • CWE-522: Insufficiently Protected Credentials •
CVE-2019-12502
https://notcve.org/view.php?id=CVE-2019-12502
31 May 2019 — There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI. • https://gist.github.com/llandeilocymro/55a61e3730cdef56ab5806a677ba0891 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2009-5154
https://notcve.org/view.php?id=CVE-2009-5154
09 Feb 2019 — An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account. • https://gist.github.com/llandeilocymro/7dbe3daaab6d058d609fd9a0b24301cb • CWE-798: Use of Hard-coded Credentials •
CVE-2019-7674
https://notcve.org/view.php?id=CVE-2019-7674
09 Feb 2019 — An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user. • https://gist.github.com/llandeilocymro/7dbe3daaab6d058d609fd9a0b24301cb • CWE-521: Weak Password Requirements •
CVE-2019-7673
https://notcve.org/view.php?id=CVE-2019-7673
09 Feb 2019 — An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administrator Credentials are stored in the 13-character DES hash format. • https://gist.github.com/llandeilocymro/7dbe3daaab6d058d609fd9a0b24301cb • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2019-7675
https://notcve.org/view.php?id=CVE-2019-7675
09 Feb 2019 — An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI. • https://gist.github.com/llandeilocymro/7dbe3daaab6d058d609fd9a0b24301cb • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2006-2490 – Mobotix IP Camera M1 1.9.4.7/M10 2.0.5.2 - 'eventplayer?get_image_info_abspath' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-2490
19 May 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar. • https://www.exploit-db.com/exploits/27894 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •