[Japanese]

JVNDB-2017-000204

Multiple vulnerabilities in "Dokodemo eye Smart HD" SCR02HD

Overview

Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below.

* OS command injection (CWE-78) - CVE-2017-10832
* Improper access restriction (CWE-425) - CVE-2017-10833
* Directory traversal (CWE-22) - CVE-2017-10834
* Arbitrary PHP code execution (CWE-94) - CVE-2017-10835

Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

CVSS V3 Severity:
Base Metrics: 9.8 (Critical) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2017-10832.

Base Metrics: 6.4 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None

CVSS V3 Severity:
Base Metrics: 6.5 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2017-10833.

Base Metrics: 4.0 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

CVSS V3 Severity:
Base Metrics: 4.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2017-10834.

Base Metrics: 6.5 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

CVSS V3 Severity:
Base Metrics: 8.8 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2017-10835.
Affected Products


NIPPON ANNTENA Co.,Ltd.
  • "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier

Impact

* An arbitrary OS command may be executed by a remote attacker - CVE-2017-10832
* Viewing information and modifying of configuration by a remote attacker - CVE-2017-10833
* An arbitrary local file on the product may be accessed by an authenticated attacker - CVE-2017-10834
* Arbitrary PHP code on the product may be executed by an authenticated attacker - CVE-2017-10835
Solution

[Apply a Workaround]
The following workarounds may mitigate the affects of the vulnerabilities.

* Change the factory default password.
* Do not use the product when connected to a public wireless LAN.
* Restrict direct access to the product by placing a broadband router between the product and external network.
Vendor Information

NIPPON ANNTENA Co.,Ltd.
CWE (What is CWE?)

  1. Path Traversal(CWE-22) [IPA Evaluation]
  2. Permissions(CWE-264) [IPA Evaluation]
  3. OS Command Injection(CWE-78) [IPA Evaluation]
  4. Code Injection(CWE-94) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2017-10832
  2. CVE-2017-10833
  3. CVE-2017-10834
  4. CVE-2017-10835
References

  1. JVN : JVN#87410770
Revision History

[2017/08/23]
  Web page was published