[Japanese]

JVNDB-2025-000028

i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key

Overview

i-PRO Configuration Tool provided by i-PRO Co., Ltd. contains a vulnerability below.

* Use of hard-coded cryptographic key (CWE-321)

Diego Giubertoni of Nozomi Networks Inc. reported this vulnerability to i-PRO Co., Ltd. and coordinated.
After the coordination was completed, i-PRO Co., Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 5.5 (Medium) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


i-PRO Co., Ltd.
  • (multiple products) Network System for i-PRO Co., Ltd. Surveillance Cameras and Recorders

As for the details of affected product names and versions, refer to the information provided by the developer.
Impact

Accessing the tool may allow a local authenticated attacker to use the authentication information from the last connected surveillance cameras and recorders.
Solution

[Update the software]
Update the software to the latest version according to the information provided by the developer.
Vendor Information

i-PRO Co., Ltd.
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2025-32730
References

  1. JVN : JVN#84627857
Revision History

  • [2025/04/24]
      Web page was published

Date Public2025/04/24
Date First Published2025/04/24
Date Last Updated2025/04/24