Visonic CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Visonic CVE published 2017-02-13

CVE-2016-5813

CVE-2016-5813 is a medium-severity information disclosure flaw in Visonic PowerLink2 firmware. According to the NVD description, accessing a specific image URL can cause the downloaded image response to carry source code used by the web server. The issue applies to all versions prior to the October 2016 firmware release. The published CVSS v3.0 vector is network-reachable with no privileges or user intera [truncated]

MEDIUM Visonic CVE published 2017-02-13

CVE-2016-5811

CVE-2016-5811 is a cross-site scripting issue in Visonic PowerLink2 firmware. According to the NVD description, user-controlled input is not neutralized before being placed in web page output, affecting all versions prior to the October 2016 firmware release. The published CVSS v3.1 score is 6.1 (medium), with network attack vector, no privileges required, and user interaction required.