CVE-2024-26367 in MViP-II Firmware
Summary
by MITRE • 05/14/2024
Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firmware 8.6.5, XPS-EDGE-* Build 1467, evEDGE-EO-* Build 0029, MMA10G-* Build 0498, 570IPG-X19-10G Build 0691 allows a remote attacker to execute arbitrary code via a crafted payload to the login parameters.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 03/30/2025
The CVE-2024-26367 vulnerability represents a critical cross site scripting flaw affecting Evertz Microsystems network video processing equipment including MViP-II firmware versions and various XPS-EDGE, evEDGE-EO, MMA10G, and 570IPG-X19-10G devices. This vulnerability resides in the authentication handling mechanisms of these industrial network video systems, specifically within the login parameter processing functionality. The flaw enables remote attackers to inject malicious scripts into the authentication flow, potentially compromising the entire system through unauthorized access or code execution.
The technical nature of this vulnerability stems from insufficient input validation and sanitization within the web interface login parameters of the affected firmware versions. Attackers can craft malicious payloads that exploit the lack of proper escaping or filtering mechanisms in the authentication handling code. When the system processes these malformed login parameters, the embedded scripts execute within the context of authenticated users' browsers, creating a persistent cross site scripting vector that can be leveraged for session hijacking, data exfiltration, or further system compromise. This vulnerability directly maps to CWE-79 which defines Cross-site Scripting as a weakness where untrusted data is sent to a web browser without proper validation or escaping.
The operational impact of this vulnerability extends beyond simple script execution, as it provides attackers with a foothold for more sophisticated attacks against industrial network video infrastructure. Remote exploitation allows threat actors to potentially gain unauthorized access to video surveillance systems, manipulate video feeds, access system configuration parameters, or establish persistent backdoors. The affected devices operate in critical infrastructure environments where video surveillance and monitoring systems are essential for security operations, making this vulnerability particularly dangerous for organizations relying on these systems for perimeter security, access control, or operational monitoring. The vulnerability also aligns with ATT&CK technique T1566 which covers social engineering tactics through malicious links or scripts, and T1071 which involves application layer protocols for command and control communications.
Organizations must implement immediate mitigations including firmware updates from Evertz Microsystems addressing the specific XSS vulnerability in the affected device models, network segmentation to isolate these critical systems from general network traffic, and enhanced monitoring of authentication logs for suspicious activity. Additional protective measures should include implementing web application firewalls to filter malicious payloads, disabling unnecessary web interfaces where possible, and conducting thorough penetration testing to identify additional attack vectors. The vulnerability demonstrates the critical importance of maintaining up-to-date firmware in industrial control systems and highlights the need for proper input validation in all network-facing components of security infrastructure equipment.