PanasonicCVEs & Vulnerabilities

42 CVEs affecting Panasonic products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

fpwin pro 8kx-hjb1000 firmware 6control fpwin pro 5video insight vms 3kx-hjb1000 3bn-sdwbp3 firmware 3bn-sdwbp3 3eluga ray 530 2
CVE-2023-6315HIGH

Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.

19 Dec 2023
7.8
CVSS
CVE-2023-6314HIGH

Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.

19 Dec 2023
7.8
CVSS
CVE-2023-3472HIGH

Use after free vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code.

6 Sep 2023
7.8
CVSS
CVE-2023-3471HIGH

Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code.

6 Sep 2023
7.8
CVSS
CVE-2023-28730HIGH

A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.

21 Jul 2023
7.8
CVSS
CVE-2023-28729HIGH

A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.

21 Jul 2023
7.8
CVSS
CVE-2023-28728HIGH

A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.

21 Jul 2023
7.8
CVSS
CVE-2023-28727HIGH

Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers.

31 Mar 2023
8.8
CVSS
CVE-2023-28726HIGH

Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands.

31 Mar 2023
8.8
CVSS
CVE-2022-4621HIGH

Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges.

17 Jan 2023
8.8
CVSS
CVE-2021-32972MEDIUM

Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing software.

9 Jul 2021
5.5
CVSS
CVE-2021-20623CRITICAL

Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.

5 Feb 2021
9.8
CVSS
CVE-2020-16236HIGH

FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code.

26 Jan 2021
7.8
CVSS
CVE-2020-29194HIGH

Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI.

28 Dec 2020
7.5
CVSS
CVE-2020-29193MEDIUM

Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order).

28 Dec 2020
6.8
CVSS
CVE-2020-11716CRITICAL

Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support."

20 May 2020
9.8
CVSS
CVE-2019-5997CRITICAL

Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors.

20 May 2020
9.8
CVSS
CVE-2020-11715CRITICAL

Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at "End-of-software-support."

19 May 2020
9.8
CVSS
CVE-2019-15429HIGH

The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled at command via a confused deputy attack. This capability can be accessed by any app co-located on the device.

14 Nov 2019
7.8
CVSS
CVE-2019-15378MEDIUM

The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.

14 Nov 2019
5.5
CVSS
CVE-2019-15376MEDIUM

The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.

14 Nov 2019
5.5
CVSS
CVE-2019-5996HIGH

SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

12 Sep 2019
8.8
CVSS
CVE-2019-6532HIGH

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution.

7 Jun 2019
7.8
CVSS
CVE-2019-6530HIGH

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution.

7 Jun 2019
7.8
CVSS
CVE-2018-16183HIGH

An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.

10 Jan 2019
7.8
CVSS
CVE-2018-0678MEDIUM

Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors.

10 Jan 2019
6.8
CVSS
CVE-2018-0677MEDIUM

BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.

10 Jan 2019
6.8
CVSS
CVE-2018-0676HIGH

BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors.

10 Jan 2019
8.8
CVSS
CVE-2017-2133HIGH

SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

20 Oct 2017
8.8
CVSS
CVE-2017-2132HIGH

Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors.

20 Oct 2017
7.5
CVSS
CVE-2017-2131MEDIUM

Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors.

20 Oct 2017
5.3
CVSS
CVE-2017-5151HIGH

An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution.

13 Feb 2017
7.3
CVSS
CVE-2016-4499MEDIUM

Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors.

12 May 2016
4.2
CVSS
CVE-2016-4498MEDIUM

Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors.

12 May 2016
5.5
CVSS
CVE-2016-4497MEDIUM

Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

12 May 2016
4.2
CVSS
CVE-2016-4496MEDIUM

Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow.

12 May 2016
4.2
CVSS
CVE-2015-4648HIGH

Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method.

6 Jul 2015
7.5
CVSS
CVE-2015-4647MEDIUM

Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the (2) GetStringInfo method.

6 Jul 2015
6.8
CVSS
CVE-2014-9596MEDIUM

Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information.

16 Jan 2015
4.3
CVSS
CVE-2014-8756MEDIUM

The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address.

17 Oct 2014
6.8
CVSS
CVE-2014-8755MEDIUM

Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory."

17 Oct 2014
6.8
CVSS
CVE-2008-3482MEDIUM

Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5 Aug 2008
4.3
CVSS
← PrevPage 1 / 1Next →