[Japanese]

JVNDB-2024-000002

Thermal camera TMC series vulnerable to insufficient technical documentation

Overview

Thermal camera TMC series provided by THREE R SOLUTION CORP. JAPAN are vulnerable to insufficient technical documentation (CWE-1059).
The related documentation does not describe the existence of the network interface, nor the internal storage for pictures and measurement data.

Hiroyuki Harada of Sapporo Gakuin University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 2.1 (Low) [IPA Score]
  • Attack Vector: physics
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 1.7 (Low) [IPA Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products

All firmware versions of the following thermal cameras are affected by this vulnerability.

3R SOLUTION Corp
  • 3R-TMC01
  • 3R-TMC02
  • 3R-TMC03
  • 3R-TMC04
  • 3R-TMC05
  • 3R-TMC06

Impact

The user of the affected product is not aware of the internally saved data.
By accessing the affected product physically, an attacker may retrieve the internal data.
Solution

[Apply the workaround]
Apply the workaround according to the information provided by the developer.

For more information, refer to the information provided by the developer.
Vendor Information

3R SOLUTION Corp
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2024-22028
References

  1. JVN : JVN#96240417
Revision History

  • [2024/01/15]
      Web page was published