|
[Japanese]
|
JVNDB-2024-000002
|
Thermal camera TMC series vulnerable to insufficient technical documentation
|
|
Thermal camera TMC series provided by THREE R SOLUTION CORP. JAPAN are vulnerable to insufficient technical documentation (CWE-1059).
The related documentation does not describe the existence of the network interface, nor the internal storage for pictures and measurement data.
Hiroyuki Harada of Sapporo Gakuin University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 2.1 (Low) [IPA Score]
- Attack Vector: physics
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
CVSS V2 Severity:
Base Metrics 1.7 (Low) [IPA Score]
- Access Vector: Local
- Access Complexity: Low
- Authentication: Single Instance
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
|
|
All firmware versions of the following thermal cameras are affected by this vulnerability.
|
3R SOLUTION Corp
- 3R-TMC01
- 3R-TMC02
- 3R-TMC03
- 3R-TMC04
- 3R-TMC05
- 3R-TMC06
|
|
|
The user of the affected product is not aware of the internally saved data.
By accessing the affected product physically, an attacker may retrieve the internal data.
|
|
[Apply the workaround]
Apply the workaround according to the information provided by the developer.
For more information, refer to the information provided by the developer.
|
|
3R SOLUTION Corp
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2024-22028
|
|
- JVN : JVN#96240417
- National Vulnerability Database (NVD) : CVE-2024-22028
|
|
- [2024/01/15]
Web page was published
- [2024/03/11]
References : Content was added
|
