CVE-2024-45172 – CVE-2024-45172 is a cross-site request forgery ... (How to Fix)

Q: What is the severity of CVE-2024-45172?

CVE-2024-45172 has a CVSS score of 6.8 (MEDIUM). CVE-2024-45172 is a cross-site request forgery (CSRF) vulnerability in za-internet C-MOR Video Surveillance web interface that allows attackers to trick authenticated users into performing unintended actions. This affects administrators and users of C-MOR Video Surveillance systems who access the web interface while authenticated. Attackers can exploit this to modify system settings, add/delete users, or change surveillance configurations without the victim's knowledge.

📋 TL;DR

CVE-2024-45172 is a cross-site request forgery (CSRF) vulnerability in za-internet C-MOR Video Surveillance web interface that allows attackers to trick authenticated users into performing unintended actions. This affects administrators and users of C-MOR Video Surveillance systems who access the web interface while authenticated. Attackers can exploit this to modify system settings, add/delete users, or change surveillance configurations without the victim's knowledge.

💻 Affected Systems

Products:

za-internet C-MOR Video Surveillance

Versions: 5.2401 and 6.00PL01

Operating Systems: Any OS running C-MOR Video Surveillance

Default Config Vulnerable: ⚠️ Yes

Notes: All installations with web interface enabled are vulnerable. No special configuration required.

📦 What is this software?

C Mor Video Surveillance by C Mor

View all CVEs affecting C Mor Video Surveillance →

C Mor Video Surveillance by C Mor

View all CVEs affecting C Mor Video Surveillance →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise where attackers can reconfigure surveillance settings, disable monitoring, add backdoor accounts, or delete critical footage and user accounts.

🟠

Likely Case

Unauthorized configuration changes, user account manipulation, or surveillance system disruption through crafted requests that authenticated users unknowingly execute.

🟢

If Mitigated

Limited impact with proper CSRF protections, network segmentation, and strict access controls preventing successful exploitation.

🌐 Internet-Facing: HIGH - Web interfaces exposed to internet are directly vulnerable to CSRF attacks from malicious websites.

🏢 Internal Only: MEDIUM - Internal users could still be tricked via phishing emails or compromised internal websites.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

CSRF attacks are well-understood and easy to implement. Exploitation requires the victim to be authenticated and visit a malicious page while logged into C-MOR.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

No official patch available. Monitor vendor website for updates and apply immediately when released.

🔧 Temporary Workarounds

Implement CSRF Tokens

all

Add anti-CSRF tokens to all state-changing requests in the web application

Requires application code modification - consult developer documentation

SameSite Cookie Attribute

all

Set SameSite=Strict or SameSite=Lax attributes on session cookies

Set-Cookie: sessionid=xxx; SameSite=Strict; Secure; HttpOnly

🧯 If You Can't Patch

Network segmentation: Isolate C-MOR systems from general user networks and restrict web interface access to trusted IPs only
User awareness: Train users to log out of C-MOR when not actively using it and avoid browsing untrusted websites while authenticated

🔍 How to Verify

Check if Vulnerable:

Test web interface forms for missing CSRF tokens by inspecting HTTP requests for anti-CSRF mechanisms

Check Version:

Check C-MOR web interface footer or about page for version information (typically displays 5.2401 or 6.00PL01)

Verify Fix Applied:

Verify all POST/PUT/DELETE requests include unique, validated CSRF tokens that cannot be predicted

📡 Detection & Monitoring

Log Indicators:

Multiple configuration changes from same user in short timeframe
Unexpected user account modifications
Configuration changes from unusual user agents or referrers

Network Indicators:

HTTP requests to C-MOR interface with missing or predictable CSRF tokens
Requests originating from unexpected referrer domains

SIEM Query:

source="c-mor-logs" AND (action="config_change" OR action="user_modify") | stats count by src_ip, user, action

📊 Metadata

CVE ID: CVE-2024-45172

CVSS v3 Score: 6.8 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-352

Published: September 4, 2024

Last Updated: September 4, 2025

🔗 References

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-022.txt Exploit,Vendor Advisory
https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030 Vendor Advisory
http://seclists.org/fulldisclosure/2024/Sep/10 Exploit,Mailing List,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-45172, you might also want to check these: