Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-24709

Published: 21/03/2023 Updated: 10/04/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Ipr512 Firmware

Vulnerability Summary

An issue found in Paradox Security Systems IPR512 allows malicious users to cause a denial of service via the login.html and login.xml parameters.

Vulnerable Product Search on Vulmon Subscribe to Product

paradox ipr512_firmware -

Exploits

Exploit DB: Paradox Security Systems IPR512 Denial Of Service
Paradox Security Systems version IPR512 suffers from a denial of service vulnerability ...

Github Repositories

https://github.com/SlashXzerozero/Injection-vulnerability-in-Paradox-Security-Systems-IPR512

In Paradox Security System IPR512 Web console login form page, attacker can input JavaScript string, such as "</script>" that will overwrite configurations in the file "login.xml" and cause the login page to crash.

Injection vulnerability in Paradox Security Systems IPR512 - CVE-2023-24709 PoC In Paradox Security System IPR512 Web console login form page, attacker can input JavaScript string, such as &lt;/script&gt; that will overwrite configurations in the file "loginxml" and cause the login form to crash and make it unavailable !!!WARNING!!! Be aware that it will mak

https://github.com/SlashXzerozero/Injection-vulnerability-in-Paradox-Security-Systems-IPR512-CVE-2023-24709-PoC

In Paradox Security System IPR512 Web console login form page, attacker can input JavaScript string, such as "</script>" that will overwrite configurations in the file "login.xml" and cause the login page to crash.

Injection vulnerability in Paradox Security Systems IPR512 - CVE-2023-24709 PoC In Paradox Security System IPR512 Web console login form page, attacker can input JavaScript string, such as &lt;/script&gt; that will overwrite configurations in the file "loginxml" and cause the login form to crash and make it unavailable !!!WARNING!!! Be aware that it will mak

References

CWE-94https://github.com/sunktitanic/Injection-vulnerability-in-Paradox-Security-Systems-IPR512https://github.com/SlashXzerozero/Injection-vulnerability-in-Paradox-Security-Systems-IPR512http://packetstormsecurity.com/files/171783/Paradox-Security-Systems-IPR512-Denial-Of-Service.htmlhttps://nvd.nist.govhttps://github.com/SlashXzerozero/Injection-vulnerability-in-Paradox-Security-Systems-IPR512https://packetstormsecurity.com/files/171783/Paradox-Security-Systems-IPR512-Denial-Of-Service.html
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook