JVNDB-2025-022062

Multiple vulnerabilities in CHOCO TEI WATCHER mini

Overview

CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below.
  • Clickjacking (CWE-1021) - CVE-2025-59479
  • Improper check for unusual conditions (CWE-754) - CVE-2025-61976
  • Improper check for unusual conditions (CWE-754) - CVE-2025-66357
JTEKT ELECTRONICS Quality Control Dept. reported these vulnerabilities to Inaba Denki Sangyo Co., Ltd. and coordinated with them. After the coordination was completed, Inaba Denki Sangyo Co., Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.
CVSS Severity

CVSS V3 Severity:
Base Metrics: 7.5 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High
The above CVSS base score has been assigned to CVE-2025-61976.


CVSS V3 Severity:
Base Metrics: 5.3 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Low
The above CVSS base score has been assigned to CVE-2025-66357.


CVSS V3 Severity:
Base Metrics: 4.3 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
The above CVSS base score has been assigned to CVE-2025-59479.
Affected Products


INABA DENKI SANGYO CO., LTD.
  • CHOCO TEI WATCHER mini (IB-MCT001) all versions

Impact

  • If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product (CVE-2025-59479)
  • If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive (CVE-2025-61976)
  • When the Video Download feature is in a specific communication state, the product's resources may be consumed abnormally (CVE-2025-66357)
Solution

[Apply the Workaround]
The following workarounds may mitigate the impact of these vulnerabilities.
  • Use the product within a LAN and restrict access from untrusted networks and hosts
  • Use a firewall or virtual private network (VPN) to prevent unauthorized access and restrict internet access to a minimum when internet access is required
For more details, refer to the information provided by the developer.
Vendor Information

INABA DENKI SANGYO CO., LTD.
CWE

  1. Improper Restriction of Rendered UI Layers or Frames (CWE-1021) [Other]
  2. Improper Check for Unusual or Exceptional Conditions (CWE-754) [Other]
CVE

  1. CVE-2025-59479
  2. CVE-2025-61976
  3. CVE-2025-66357
References

  1. JVN : JVNVU#92827367
Revision History

  • [2025/12/17]
      Web page was published