[Japanese]

JVNDB-2014-000087

Multiple I-O DATA IP Cameras vulnerable to authentication bypass

Overview

Multiple IP Cameras provided by I-O DATA contain an authentication bypass vulnerability.
CVSS Severity (What is CVSS?)

Base Metrics: 6.4 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products


I-O DATA DEVICE, INC.
  • TS-PTCAM firmware version 1.08 and earlier
  • TS-PTCAM/POE firmware version 1.08 and earlier
  • TS-WLC2 firmware version 1.02 and earlier
  • TS-WLCAM firmware version 1.06 and earlier
  • TS-WLCAM/V firmware version 1.06 and earlier
  • TS-WPTCAM firmware version 1.08 and earlier

Impact

An attacker who can access the product may be able to gain access to configuration and credential information. As a result, the attacker may take control of the product.
Solution

[Apply an update]
Update to the latest version of the firmware according to the information provided by the developer.
Vendor Information

I-O DATA DEVICE, INC.
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2014-3895
References

  1. JVN : JVN#94592501
  2. National Vulnerability Database (NVD) : CVE-2014-3895
  3. IPA SECURITY ALERTS : Security Alert for Multiple I-O DATA IP Cameras vulnerable to authentication bypass (JVN#94592501) (in Japanese)
Revision History

[2014/07/29]
  Web page was published
[2014/08/01]
  References : Content was added