CVE-2024-45177

5.4 MEDIUM

📋 TL;DR

CVE-2024-45177 is a persistent cross-site scripting vulnerability in za-internet C-MOR Video Surveillance software that allows attackers to inject malicious scripts into camera configuration pages. These scripts execute when other users view those pages, potentially stealing credentials or performing unauthorized actions. Organizations using affected C-MOR versions for video surveillance are impacted.

💻 Affected Systems

Products:
  • za-internet C-MOR Video Surveillance
Versions: 5.2401 and 6.00PL01
Operating Systems: Any OS running C-MOR software
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with web interface enabled are vulnerable. The vulnerability exists in camera configuration functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, take full control of the surveillance system, manipulate video feeds, or pivot to internal networks.

🟠 Likely Case

Attackers steal session cookies or credentials to gain unauthorized access to the surveillance system, potentially viewing or manipulating camera feeds.

🟢 If Mitigated

With proper input validation and output encoding, malicious scripts are neutralized before execution, preventing exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to the web interface. Public proof-of-concept details are available in the referenced advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in available references

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

1. Monitor vendor website for security updates
2. Apply patches when available
3. Verify fix by testing XSS payloads in camera configuration

🔧 Temporary Workarounds

Input Validation and Output Encoding

all

Implement server-side validation and proper output encoding for all user inputs in camera configuration fields

Content Security Policy

all

Implement strict Content Security Policy headers to restrict script execution

Add header: Content-Security-Policy: default-src 'self'; script-src 'self'

🧯 If You Can't Patch

  • Restrict network access to C-MOR web interface using firewall rules
  • Implement web application firewall (WAF) with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Test camera configuration fields with XSS payloads like <script>alert('XSS')</script> and check whether the script executes when the page is viewed

Check Version:

Check C-MOR version in web interface or configuration files

Verify Fix Applied:

Retest with XSS payloads after applying controls - scripts should not execute and should be properly encoded in output

📡 Detection & Monitoring

Log Indicators:

  • Unusual script tags or JavaScript in camera configuration requests
  • Multiple failed XSS attempts

Network Indicators:

  • HTTP requests containing script tags to camera configuration endpoints
  • Unusual traffic patterns to /cgi-bin/ paths

SIEM Query:

source="c-mor" AND (http_uri="*cgi-bin*" AND http_query="*<script>*")
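
The query above matches only a literal `<script>` in the query string. The following added example (not vendor or advisory code) applies the same indicator to access-log lines after URL-decoding, so percent-encoded and double-encoded forms are caught as well. The log layout, the endpoint name and the sample lines are assumptions constructed for illustration; the page does not document C-MOR's log format.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample lines in common access-log style (assumed layout).
# The endpoint name and parameters are placeholders, not real C-MOR paths.
SAMPLE_LOG = [
    '10.0.0.5 - admin [12/Sep/2024:10:01:02 +0000] "GET /cgi-bin/camera-config-example?name=Lobby HTTP/1.1" 200 512',
    '10.0.0.9 - op1 [12/Sep/2024:10:03:44 +0000] "GET /cgi-bin/camera-config-example?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 530',
    '10.0.0.8 - op2 [12/Sep/2024:10:04:10 +0000] "GET /cgi-bin/camera-config-example?name=%253CSCRIPT%253Ealert(1)%253C/SCRIPT%253E HTTP/1.1" 200 541',
    '10.0.0.7 - - [12/Sep/2024:10:05:00 +0000] "GET /index.html?q=%3Cscript%3E HTTP/1.1" 200 99',
]

REQUEST = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Opening or closing script tag, any letter case, optional whitespace.
MARKUP = re.compile(r'<\s*/?\s*script\b', re.IGNORECASE)

def normalize(value, rounds=3):
    """URL-decode repeatedly so single- and double-encoded markup both surface."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return one record per /cgi-bin/ request whose decoded query holds a script tag."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # line does not follow the assumed layout
        src, user, _method, uri, _status = m.groups()
        parts = urlsplit(uri)
        if "/cgi-bin/" not in parts.path:
            continue  # the page's indicator is scoped to /cgi-bin/ paths
        decoded = normalize(parts.query)
        if MARKUP.search(decoded):
            hits.append({"src": src, "user": user, "path": parts.path,
                         "decoded_query": decoded})
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs record only the request line, so values submitted in a POST body are not visible to this check and need proxy or WAF logging to inspect.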

🔗 References