Search criteria
16 vulnerabilities found for CHOCO TEI WATCHER mini (IB-MCT001) by Inaba Denki Sangyo Co., Ltd.
JVNDB-2025-022062
Vulnerability from jvndb - Published: 2025-12-17 11:28 - Updated:2025-12-17 11:28
Severity ?
Summary
Multiple vulnerabilities in CHOCO TEI WATCHER mini
Details
CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below.
- Clickjacking (CWE-1021) - CVE-2025-59479
- Improper check for unusual conditions (CWE-754) - CVE-2025-61976
- Improper check for unusual conditions (CWE-754) - CVE-2025-66357
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-022062.html",
"dc:date": "2025-12-17T11:28+09:00",
"dcterms:issued": "2025-12-17T11:28+09:00",
"dcterms:modified": "2025-12-17T11:28+09:00",
"description": "CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eClickjacking (CWE-1021) - CVE-2025-59479\u003c/li\u003e\u003cli\u003eImproper check for unusual conditions (CWE-754) - CVE-2025-61976\u003c/li\u003e\u003cli\u003eImproper check for unusual conditions (CWE-754) - CVE-2025-66357\u003c/li\u003e\u003c/ul\u003eJTEKT ELECTRONICS Quality Control Dept. reported these vulnerabilities to Inaba Denki Sangyo Co., Ltd. and coordinated. After the coordination was completed, Inaba Denki Sangyo Co., Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-022062.html",
"sec:cpe": {
"#text": "cpe:/o:inaba:choco_tei_watcher_mini",
"@product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"@vendor": "INABA DENKI SANGYO CO., LTD.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-022062",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU92827367/index.html",
"@id": "JVNVU#92827367",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-59479",
"@id": "CVE-2025-59479",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-61976",
"@id": "CVE-2025-61976",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-66357",
"@id": "CVE-2025-66357",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1021.html",
"@id": "CWE-1021",
"@title": "Improper Restriction of Rendered UI Layers or Frames(CWE-1021)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/754.html",
"@id": "CWE-754",
"@title": "Improper Check for Unusual or Exceptional Conditions(CWE-754)"
}
],
"title": "Multiple vulnerabilities in CHOCO TEI WATCHER mini"
}
JVNDB-2025-002592
Vulnerability from jvndb - Published: 2025-03-26 13:25 - Updated:2025-03-26 13:25
Severity ?
Summary
Multiple vulnerabilities in CHOCO TEI WATCHER mini
Details
CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below.
* Use of client-side authentication (CWE-603) - CVE-2025-24517
* Storing passwords in a recoverable format (CWE-257) - CVE-2025-24852
* Weak password requirements (CWE-521) - CVE-2025-25211
* Forced browsing (CWE-425) - CVE-2025-26689
Andrea Palanca of Nozomi Networks reported these vulnerabilities to the developer and CISA ICS.
JPCERT/CC coordinated with the reporter, CISA ICS, and the developer.
References
| Type | URL | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-002592.html",
"dc:date": "2025-03-26T13:25+09:00",
"dcterms:issued": "2025-03-26T13:25+09:00",
"dcterms:modified": "2025-03-26T13:25+09:00",
"description": "CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below.\r\n\r\n* Use of client-side authentication (CWE-603) - CVE-2025-24517\r\n* Storing passwords in a recoverable format (CWE-257) - CVE-2025-24852\r\n* Weak password requirements (CWE-521) - CVE-2025-25211\r\n* Forced browsing (CWE-425) - CVE-2025-26689\r\n\r\nAndrea Palanca of Nozomi Networks reported these vulnerabilities to the developer and CISA ICS.\r\nJPCERT/CC coordinated with the reporter, CISA ICS, and the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-002592.html",
"sec:cpe": {
"#text": "cpe:/o:inaba:choco_tei_watcher_mini",
"@product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"@vendor": "INABA DENKI SANGYO CO., LTD.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-002592",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU91154745/index.html",
"@id": "JVNVU#91154745",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-24517",
"@id": "CVE-2025-24517",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-24852",
"@id": "CVE-2025-24852",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-25211",
"@id": "CVE-2025-25211",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-26689",
"@id": "CVE-2025-26689",
"@source": "CVE"
},
{
"#text": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04",
"@id": "ICSA-25-084-04",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording",
"@id": "Unpatched Vulnerabilities in Production Line Cameras May Allow Remote Surveillance, Hinder Stoppage Recording",
"@source": "Related document"
},
{
"#text": "https://cwe.mitre.org/data/definitions/257.html",
"@id": "CWE-257",
"@title": "Storing Passwords in a Recoverable Format(CWE-257)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/425.html",
"@id": "CWE-425",
"@title": "Direct Request (\u0027Forced Browsing\u0027)(CWE-425)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/521.html",
"@id": "CWE-521",
"@title": "Weak Password Requirements(CWE-521)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/603.html",
"@id": "CWE-603",
"@title": "Use of Client-Side Authentication(CWE-603)"
}
],
"title": "Multiple vulnerabilities in CHOCO TEI WATCHER mini"
}
CVE-2025-66357 (GCVE-0-2025-66357)
Vulnerability from nvd – Published: 2025-12-16 04:48 – Updated: 2025-12-16 20:38
VLAI?
Summary
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product's resources may be consumed abnormally.
Severity ?
5.3 (Medium)
CWE
- CWE-754 - Improper check for unusual or exceptional conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T20:38:30.843201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T20:38:43.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product\u0027s resources may be consumed abnormally."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "Improper check for unusual or exceptional conditions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T04:48:35.968Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92827367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-66357",
"datePublished": "2025-12-16T04:48:35.968Z",
"dateReserved": "2025-11-27T14:15:05.859Z",
"dateUpdated": "2025-12-16T20:38:43.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61976 (GCVE-0-2025-61976)
Vulnerability from nvd – Published: 2025-12-16 04:48 – Updated: 2025-12-16 19:54
VLAI?
Summary
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive.
Severity ?
CWE
- CWE-754 - Improper check for unusual or exceptional conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T19:54:23.462879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T19:54:44.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "Improper check for unusual or exceptional conditions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T04:48:21.754Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92827367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-61976",
"datePublished": "2025-12-16T04:48:21.754Z",
"dateReserved": "2025-11-27T14:14:59.287Z",
"dateUpdated": "2025-12-16T19:54:44.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59479 (GCVE-0-2025-59479)
Vulnerability from nvd – Published: 2025-12-16 04:48 – Updated: 2025-12-16 20:44
VLAI?
Summary
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product.
Severity ?
4.3 (Medium)
CWE
- CWE-1021 - Improper restriction of rendered UI layers or frames
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T20:39:03.166776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T20:44:46.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "Improper restriction of rendered UI layers or frames",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T04:48:29.861Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92827367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-59479",
"datePublished": "2025-12-16T04:48:29.861Z",
"dateReserved": "2025-11-27T14:15:04.880Z",
"dateUpdated": "2025-12-16T20:44:46.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26689 (GCVE-0-2025-26689)
Vulnerability from nvd – Published: 2025-03-31 04:49 – Updated: 2025-03-31 15:58
VLAI?
Summary
Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered.
Severity ?
9.8 (Critical)
CWE
- CWE-425 - Direct request ('Forced Browsing')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T15:58:43.306787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T15:58:55.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Direct request (\u0027Forced Browsing\u0027) issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "Direct request (\u0027Forced Browsing\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T04:49:30.059Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91154745/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
},
{
"url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-26689",
"datePublished": "2025-03-31T04:49:30.059Z",
"dateReserved": "2025-02-13T01:13:10.937Z",
"dateUpdated": "2025-03-31T15:58:55.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25211 (GCVE-0-2025-25211)
Vulnerability from nvd – Published: 2025-03-31 04:49 – Updated: 2025-03-31 16:01
VLAI?
Summary
Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.
Severity ?
9.8 (Critical)
CWE
- CWE-521 - Weak password requirements
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T16:00:36.292801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T16:01:20.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "Weak password requirements",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T04:49:19.439Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91154745/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
},
{
"url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25211",
"datePublished": "2025-03-31T04:49:19.439Z",
"dateReserved": "2025-02-13T01:13:11.820Z",
"dateUpdated": "2025-03-31T16:01:20.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24852 (GCVE-0-2025-24852)
Vulnerability from nvd – Published: 2025-03-31 04:49 – Updated: 2025-03-31 16:02
VLAI?
Summary
Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password.
Severity ?
4.6 (Medium)
CWE
- CWE-257 - Storing passwords in a recoverable format
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T16:01:40.322037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T16:02:38.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "Storing passwords in a recoverable format",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T04:49:07.988Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91154745/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
},
{
"url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24852",
"datePublished": "2025-03-31T04:49:07.988Z",
"dateReserved": "2025-02-13T01:13:13.769Z",
"dateUpdated": "2025-03-31T16:02:38.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24517 (GCVE-0-2025-24517)
Vulnerability from nvd – Published: 2025-03-31 04:48 – Updated: 2025-03-31 12:59
VLAI?
Summary
Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication.
Severity ?
7.5 (High)
CWE
- CWE-603 - Use of client-side authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T12:59:27.616832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T12:59:34.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-603",
"description": "Use of client-side authentication",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T04:48:57.473Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91154745/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
},
{
"url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24517",
"datePublished": "2025-03-31T04:48:57.473Z",
"dateReserved": "2025-02-13T01:13:12.880Z",
"dateUpdated": "2025-03-31T12:59:34.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-66357 (GCVE-0-2025-66357)
Vulnerability from cvelistv5 – Published: 2025-12-16 04:48 – Updated: 2025-12-16 20:38
VLAI?
Summary
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product's resources may be consumed abnormally.
Severity ?
5.3 (Medium)
CWE
- CWE-754 - Improper check for unusual or exceptional conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T20:38:30.843201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T20:38:43.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product\u0027s resources may be consumed abnormally."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "Improper check for unusual or exceptional conditions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T04:48:35.968Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92827367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-66357",
"datePublished": "2025-12-16T04:48:35.968Z",
"dateReserved": "2025-11-27T14:15:05.859Z",
"dateUpdated": "2025-12-16T20:38:43.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59479 (GCVE-0-2025-59479)
Vulnerability from cvelistv5 – Published: 2025-12-16 04:48 – Updated: 2025-12-16 20:44
VLAI?
Summary
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product.
Severity ?
4.3 (Medium)
CWE
- CWE-1021 - Improper restriction of rendered UI layers or frames
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T20:39:03.166776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T20:44:46.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "Improper restriction of rendered UI layers or frames",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T04:48:29.861Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92827367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-59479",
"datePublished": "2025-12-16T04:48:29.861Z",
"dateReserved": "2025-11-27T14:15:04.880Z",
"dateUpdated": "2025-12-16T20:44:46.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61976 (GCVE-0-2025-61976)
Vulnerability from cvelistv5 – Published: 2025-12-16 04:48 – Updated: 2025-12-16 19:54
VLAI?
Summary
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive.
Severity ?
CWE
- CWE-754 - Improper check for unusual or exceptional conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T19:54:23.462879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T19:54:44.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "Improper check for unusual or exceptional conditions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T04:48:21.754Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92827367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-61976",
"datePublished": "2025-12-16T04:48:21.754Z",
"dateReserved": "2025-11-27T14:14:59.287Z",
"dateUpdated": "2025-12-16T19:54:44.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26689 (GCVE-0-2025-26689)
Vulnerability from cvelistv5 – Published: 2025-03-31 04:49 – Updated: 2025-03-31 15:58
VLAI?
Summary
Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered.
Severity ?
9.8 (Critical)
CWE
- CWE-425 - Direct request ('Forced Browsing')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T15:58:43.306787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T15:58:55.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Direct request (\u0027Forced Browsing\u0027) issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "Direct request (\u0027Forced Browsing\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T04:49:30.059Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91154745/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
},
{
"url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-26689",
"datePublished": "2025-03-31T04:49:30.059Z",
"dateReserved": "2025-02-13T01:13:10.937Z",
"dateUpdated": "2025-03-31T15:58:55.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25211 (GCVE-0-2025-25211)
Vulnerability from cvelistv5 – Published: 2025-03-31 04:49 – Updated: 2025-03-31 16:01
VLAI?
Summary
Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.
Severity ?
9.8 (Critical)
CWE
- CWE-521 - Weak password requirements
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T16:00:36.292801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T16:01:20.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "Weak password requirements",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T04:49:19.439Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91154745/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
},
{
"url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25211",
"datePublished": "2025-03-31T04:49:19.439Z",
"dateReserved": "2025-02-13T01:13:11.820Z",
"dateUpdated": "2025-03-31T16:01:20.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24852 (GCVE-0-2025-24852)
Vulnerability from cvelistv5 – Published: 2025-03-31 04:49 – Updated: 2025-03-31 16:02
VLAI?
Summary
Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password.
Severity ?
4.6 (Medium)
CWE
- CWE-257 - Storing passwords in a recoverable format
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T16:01:40.322037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T16:02:38.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "Storing passwords in a recoverable format",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T04:49:07.988Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91154745/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
},
{
"url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24852",
"datePublished": "2025-03-31T04:49:07.988Z",
"dateReserved": "2025-02-13T01:13:13.769Z",
"dateUpdated": "2025-03-31T16:02:38.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24517 (GCVE-0-2025-24517)
Vulnerability from cvelistv5 – Published: 2025-03-31 04:48 – Updated: 2025-03-31 12:59
VLAI?
Summary
Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication.
Severity ?
7.5 (High)
CWE
- CWE-603 - Use of client-side authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T12:59:27.616832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T12:59:34.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-603",
"description": "Use of client-side authentication",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T04:48:57.473Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91154745/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
},
{
"url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24517",
"datePublished": "2025-03-31T04:48:57.473Z",
"dateReserved": "2025-02-13T01:13:12.880Z",
"dateUpdated": "2025-03-31T12:59:34.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}