CVE-2024-57272

6.1 MEDIUM

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into SecuSTATION Camera web interfaces, which execute when viewed by administrators or users. It affects SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and earlier versions. Attackers could steal session cookies, redirect users, or perform actions on their behalf.

💻 Affected Systems

Products:
  • SecuSTATION Camera
Versions: V2.5.5.3116-S50-SMA-B20160811A and lower
Operating Systems: Embedded camera firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations using affected firmware versions are vulnerable. Web interface must be accessible for exploitation.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains administrative access to camera system, modifies configurations, disables security features, or uses camera as pivot point into internal network.

🟠 Likely Case

Attacker steals administrator session cookies, gains unauthorized access to camera management interface, and potentially compromises other connected systems.

🟢 If Mitigated

Script execution is blocked by browser security features or web application firewalls, limiting impact to minor UI disruption.

🌐 Internet-Facing: HIGH - Cameras exposed to internet are directly accessible to attackers without network access requirements.
🏢 Internal Only: MEDIUM - Requires attacker to have internal network access or compromised internal system to reach camera interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public GitHub repository contains proof-of-concept. XSS vulnerabilities are commonly weaponized in automated attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Contact vendor for updated firmware
2. Backup camera configuration
3. Upload new firmware via web interface
4. Reboot camera
5. Restore configuration if needed

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate cameras on a separate VLAN without internet access

Web Application Firewall (applies to: all)

Deploy a WAF with XSS protection rules in front of the camera interface

🧯 If You Can't Patch

  • Disable camera web interface if not required for operations
  • Implement strict network access controls allowing only trusted IPs to access camera interface

🔍 How to Verify

Check if Vulnerable:

Access the camera web interface and attempt XSS payload injection in input fields. Check that the firmware version falls within the affected range.

Check Version:

Login to camera web interface → System → About → Check firmware version

Verify Fix Applied:

Test same XSS payloads after update to confirm they are properly sanitized or blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusually long parameter values in web logs
  • Multiple failed login attempts followed by successful access
  • JavaScript or script tags in URL parameters

Network Indicators:

  • HTTP requests with script tags or JavaScript in parameters
  • Unusual outbound connections from camera to external IPs

SIEM Query:

source="camera_web_logs" AND (url="*<script>*" OR param="*javascript:*" OR param="*onload=*" OR param="*onerror=*")
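The SIEM query above matches only literal strings, so percent-encoded or double-encoded variants of the same payloads slip past it. The following scanner is an added example (not code from this page or the vendor) that applies the same three indicators to URL-decoded requests; it assumes a combined-format access log and runs on constructed sample lines.

```python
import re
from urllib.parse import unquote_plus

# Indicators mirrored from the SIEM query; matched against the decoded request.
XSS_INDICATORS = {
    "script_tag": re.compile(r"<\s*script", re.IGNORECASE),
    "javascript_uri": re.compile(r"javascript\s*:", re.IGNORECASE),
    "event_handler": re.compile(r"\bon(?:load|error)\s*=", re.IGNORECASE),
}

# Combined-log style access line (assumed format; adjust to the camera's logs).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<request>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines for offline testing; not real camera logs.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2025:09:12:01 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.5 - - [10/Jan/2025:09:12:44 +0000] "GET /login.html?user=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Jan/2025:09:12:50 +0000] "GET /login.html?user=%253Cscript%253E HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jan/2025:09:13:02 +0000] "GET /view.html?img=x%20onerror%3Dalert(1) HTTP/1.1" 200 300',
    '198.51.100.7 - - [10/Jan/2025:09:13:30 +0000] "GET /help.html?next=javascript:void(0) HTTP/1.1" 200 200',
]


def decode_request(raw):
    """URL-decode twice so double-encoded payloads unwrap to the same form."""
    return unquote_plus(unquote_plus(raw))


def find_indicators(line):
    """Return (source_ip, decoded_request, [indicator names]), or None if clean/unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    request = decode_request(m.group("request"))
    names = [name for name, pat in XSS_INDICATORS.items() if pat.search(request)]
    return (m.group("ip"), request, names) if names else None


def scan_log(lines):
    """Return one alert tuple per line carrying at least one XSS indicator."""
    return [hit for hit in map(find_indicators, lines) if hit]


if __name__ == "__main__":
    for ip, request, names in scan_log(SAMPLE_LOG):
        print(f"{ip} -> {request}: {', '.join(names)}")
```

Feed it the camera's real access log (one line per call to `scan_log`) and forward the returned tuples to the SIEM; the double decode is what catches the third sample line, which the literal wildcard query misses.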
