CVE-2025-0576
📋 TL;DR
This vulnerability allows attackers to inject malicious scripts into the Mobotix M15 web interface via the p_qual parameter, enabling cross-site scripting (XSS) attacks. It affects Mobotix M15 security camera systems running version 4.3.4.83. The attack can be executed remotely without authentication.
💻 Affected Systems
- Mobotix M15
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, hijack user sessions, deface the web interface, or redirect users to malicious sites, potentially gaining full control of the camera system.
Likely Case
Attackers would typically use this to steal session cookies or credentials from authenticated users, enabling unauthorized access to the camera system.
If Mitigated
With proper input validation and output encoding, the XSS payload would be neutralized and rendered harmless.
🎯 Exploit Status
Exploit has been publicly disclosed and requires minimal technical skill to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Contact Mobotix support for guidance.
🔧 Temporary Workarounds
Network Segmentation
allIsolate Mobotix cameras from internet access and restrict network access to authorized management systems only.
Web Application Firewall
allDeploy a WAF with XSS protection rules to filter malicious requests to the /control/player endpoint.
🧯 If You Can't Patch
- Implement strict input validation on the p_qual parameter to reject suspicious characters
- Enable Content Security Policy (CSP) headers to mitigate XSS impact
🔍 How to Verify
Check if Vulnerable:
Test by accessing /control/player?center&eventlist&pda&dummy_for_reload=1736177631&p_evt with a test XSS payload in p_qual parameterCheck Version:
Check web interface version in camera administration panel or via SSH: cat /etc/versionVerify Fix Applied:
Verify that XSS payloads are properly sanitized or rejected when submitted via the p_qual parameter📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /control/player containing script tags or JavaScript in p_qual parameter
- Unusual access patterns to camera web interface
Network Indicators:
- HTTP requests with suspicious parameters to camera IP on port 80/443
- Outbound connections from camera to unexpected destinations
SIEM Query:
source="mobotix_logs" AND uri="/control/player" AND (param="p_qual" AND value CONTAINS "script" OR "javascript" OR "onload" OR "onerror")