Security Advisories

2025-05-30

Contributor: Diego Giubertoni from Nozomi Networks Inc.
Product: Network Camera WV-X Series, WV-S Series, and WV-U Series updated on May 29-30, 2025 (see below)
Affected versions: prior to 2.80/2.85/3.45 (see below)
Fixed version: 2.80/2.85/3.45 (see below)
References: 
    Updated models and versions
    JVN#10964289
Vulnerabilities:

• CVE-2025-36513 (CVSS v3: 4.3)
  Cross-Site Request Forgery (CSRF) vulnerability in several network cameras

2025-04-11

Contributor: Diego Giubertoni from Nozomi Networks Inc.
Product: i-PRO Configuration Tool (iCT)
Affected versions: prior to 4.30
Fixed version: 4.30
References: 
    Release Note
    Download
    JVN#84627857
Vulnerabilities:

• CVE-2025-32730　(CVSS v3: 5.5)
  Vulnerability in the use of hardcoded encryption keys in several i-PRO configuration tool.

2023-08-31

Contributor: Michael Heinzl
Product: VI Web Client
Affected versions: prior to 7.9.6
Fixed version: 7.9.6
References: 
    Release Note
    Download
    JVN#60140221
Vulnerabilities:

• CVE-2023-38574　(CVSS v3: 4.7 )
  Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
• CVE-2023-39938 (CVSS v3: 6.1)
  Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary script.
• CVE-2023-40535 (CVSS v3: 5.4)
  Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script.
• CVE-2023-40705 (CVSS v3: 5.4)
  Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script.