CVE-2019-13407: Advan VD-1 has a reflected XSS vulnerability in page cgibin/ssi.cgi

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-13407

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Advan VD-1 has a reflected XSS vulnerability in page cgibin/ssi.cgi

Source: NVD (National Vulnerability Database)

Vulnerability Description

A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

AndroVideo Advan VD-1 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

AndroVideo Advan VD-1是中国台湾AndroVideo公司的一款安防摄像头。使用230及之前版本固件的AndroVideo Advan VD-1中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
AndroVideo	Advan VD-1 firmware	up to 230	-

II. Public POCs for CVE-2019-13407

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-13407

Please Login to view more intelligence information

http://surl.twcert.org.tw/SpTwhx_refsource_CONFIRM
https://tvn.twcert.org.tw/taiwanvn/TVN-201906008x_refsource_CONFIRM
https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-mdx_refsource_CONFIRM
https://nvd.nist.gov/vuln/detail/CVE-2019-13407

New Vulnerabilities

Product: Advan VD-1 firmware

Vendor: AndroVideo

Same weakness: CWE-79

V. Comments for CVE-2019-13407

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2019-13407

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2019-13407

III. Intelligence Information for CVE-2019-13407

New Vulnerabilities

V. Comments for CVE-2019-13407

Leave a comment