cvelistv5 - cve-2018-0663

CVE-2018-0663 (GCVE-0-2018-0663)

Vulnerability from cvelistv5 – Published: 2018-09-07 14:00 – Updated: 2024-08-05 03:35

Summary

Severity ?

No CVSS data available.

CWE

Use of Hard-coded Credentials

Assigner

jpcert

References

URL

Tags

	http://www.iodata.jp/support/information/2018/ts-wrlp/	x_refsource_CONFIRM
	http://jvn.jp/en/jp/JVN83701666/index.html	third-party-advisoryx_refsource_JVN

Impacted products

	Vendor	Product	Version
	I-O DATA DEVICE, INC.	Multiple I-O DATA network camera products	Affected: (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:49.100Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
          },
          {
            "name": "JVN#83701666",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN83701666/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple I-O DATA network camera products",
          "vendor": "I-O DATA DEVICE, INC.",
          "versions": [
            {
              "status": "affected",
              "version": "(TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)"
            }
          ]
        }
      ],
      "datePublic": "2018-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use of Hard-coded Credentials",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-07T13:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
        },
        {
          "name": "JVN#83701666",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN83701666/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0663",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Multiple I-O DATA network camera products",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "(TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "I-O DATA DEVICE, INC."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use of Hard-coded Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.iodata.jp/support/information/2018/ts-wrlp/",
              "refsource": "CONFIRM",
              "url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
            },
            {
              "name": "JVN#83701666",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN83701666/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0663",
    "datePublished": "2018-09-07T14:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:35:49.100Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:iodata:ts-wrlp_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.09.04\", \"matchCriteriaId\": \"14F0E9A3-3EF6-41FD-83C6-73B1EF59FFC9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:iodata:ts-wrlp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70DEC39A-3EA3-46ED-A974-470910C15047\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:iodata:ts-wrlp\\\\/e_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.09.04\", \"matchCriteriaId\": \"64109D59-1440-4CC5-B883-5EC25DC6DBC7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:iodata:ts-wrlp\\\\/e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8A63749-8B87-42F4-A121-D59F177A38A0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:iodata:ts-wrla_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.09.04\", \"matchCriteriaId\": \"A7797312-68E3-4593-AEA9-09F6847F0C80\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:iodata:ts-wrla:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC800D74-FB71-453E-83CF-6F83FA3503F8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples productos de c\\u00e1maras web I-O DATA (TS-WRLP firmware Ver.1.09.04 y anteriores, TS-WRLA firmware Ver.1.09.04 y anteriores, TS-WRLP/E firmware Ver.1.09.04 y anteriores) emplean credenciales embebidas, lo que podr\\u00eda permitir que un atacante autenticado remoto ejecute comandos arbitrarios del sistema operativo en el dispositivo mediante vectores sin especificar.\"}]",
      "id": "CVE-2018-0663",
      "lastModified": "2024-11-21T03:38:41.593",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-09-07T14:29:03.257",
      "references": "[{\"url\": \"http://jvn.jp/en/jp/JVN83701666/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.iodata.jp/support/information/2018/ts-wrlp/\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://jvn.jp/en/jp/JVN83701666/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.iodata.jp/support/information/2018/ts-wrlp/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-798\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-0663\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2018-09-07T14:29:03.257\",\"lastModified\":\"2024-11-21T03:38:41.593\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples productos de c\u00e1maras web I-O DATA (TS-WRLP firmware Ver.1.09.04 y anteriores, TS-WRLA firmware Ver.1.09.04 y anteriores, TS-WRLP/E firmware Ver.1.09.04 y anteriores) emplean credenciales embebidas, lo que podr\u00eda permitir que un atacante autenticado remoto ejecute comandos arbitrarios del sistema operativo en el dispositivo mediante vectores sin especificar.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:iodata:ts-wrlp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.09.04\",\"matchCriteriaId\":\"14F0E9A3-3EF6-41FD-83C6-73B1EF59FFC9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:iodata:ts-wrlp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70DEC39A-3EA3-46ED-A974-470910C15047\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:iodata:ts-wrlp\\\\/e_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.09.04\",\"matchCriteriaId\":\"64109D59-1440-4CC5-B883-5EC25DC6DBC7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:iodata:ts-wrlp\\\\/e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8A63749-8B87-42F4-A121-D59F177A38A0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:iodata:ts-wrla_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.09.04\",\"matchCriteriaId\":\"A7797312-68E3-4593-AEA9-09F6847F0C80\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:iodata:ts-wrla:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC800D74-FB71-453E-83CF-6F83FA3503F8\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN83701666/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.iodata.jp/support/information/2018/ts-wrlp/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jvn.jp/en/jp/JVN83701666/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.iodata.jp/support/information/2018/ts-wrlp/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

VAR-201809-0632

Vulnerability from variot - Updated: 2023-12-18 12:36

Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector. Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0632",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ts-wrlp",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "iodata",
        "version": "1.09.04"
      },
      {
        "model": "ts-wrla",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "iodata",
        "version": "1.09.04"
      },
      {
        "model": "ts-wrlp\\/e",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "iodata",
        "version": "1.09.04"
      },
      {
        "model": "ts-wrla",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "i o data device",
        "version": "firmware ver.1.09.04"
      },
      {
        "model": "ts-wrlp",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "i o data device",
        "version": "firmware ver.1.09.04"
      },
      {
        "model": "ts-wrlp/e",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "i o data device",
        "version": "firmware ver.1.09.04"
      },
      {
        "model": "ts-wrlp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "iodata",
        "version": "1.09.04"
      },
      {
        "model": "ts-wrlp\\/e",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "iodata",
        "version": "1.09.04"
      },
      {
        "model": "ts-wrla",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "iodata",
        "version": "1.09.04"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000089"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-402"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:iodata:ts-wrlp_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.09.04",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:iodata:ts-wrlp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:iodata:ts-wrlp\\/e_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.09.04",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:iodata:ts-wrlp\\/e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:iodata:ts-wrla_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.09.04",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:iodata:ts-wrla:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0663"
      }
    ]
  },
  "cve": "CVE-2018-0663",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 6.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000089",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000089",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P/BS: 5.8AV:L/AC:L/Au:N/C:P/I:P/A:P/BS:4.6",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000089",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P/BS: 4.6",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-118865",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 4.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000089",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 6.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000089",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 6.3",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000089",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 4.3",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2018-000089",
            "trust": 2.4,
            "value": "Medium"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-0663",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-402",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118865",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000089"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000089"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000089"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-402"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector. Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0663"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000089"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118865"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVN",
        "id": "JVN83701666",
        "trust": 2.5
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0663",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000089",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-402",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-118865",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000089"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-402"
      }
    ]
  },
  "id": "VAR-201809-0632",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118865"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:36:33.662000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "I-O DATA DEVICE, INC. website",
        "trust": 0.8,
        "url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
      },
      {
        "title": "Multiple I-O DATA Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84696"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000089"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-402"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000089"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0663"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://jvn.jp/en/jp/jvn83701666/index.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0661"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0662"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0663"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0661"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0662"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0663"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000089"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-402"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-118865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000089"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-402"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118865"
      },
      {
        "date": "2018-08-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000089"
      },
      {
        "date": "2018-09-07T14:29:03.257000",
        "db": "NVD",
        "id": "CVE-2018-0663"
      },
      {
        "date": "2018-09-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-402"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118865"
      },
      {
        "date": "2019-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000089"
      },
      {
        "date": "2018-11-01T12:48:05.440000",
        "db": "NVD",
        "id": "CVE-2018-0663"
      },
      {
        "date": "2018-09-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-402"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-402"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in multiple I-O DATA network camera products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000089"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-402"
      }
    ],
    "trust": 0.6
  }
}

GHSA-M444-29MG-HM99

Vulnerability from github – Published: 2022-05-14 02:02 – Updated: 2022-05-14 02:02

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0663"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-07T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector.",
  "id": "GHSA-m444-29mg-hm99",
  "modified": "2022-05-14T02:02:59Z",
  "published": "2022-05-14T02:02:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0663"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN83701666/index.html"
    },
    {
      "type": "WEB",
      "url": "http://www.iodata.jp/support/information/2018/ts-wrlp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-0663

Vulnerability from fkie_nvd - Published: 2018-09-07 14:29 - Updated: 2024-11-21 03:38

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN83701666/index.html	Third Party Advisory
vultures@jpcert.or.jp	http://www.iodata.jp/support/information/2018/ts-wrlp/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN83701666/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.iodata.jp/support/information/2018/ts-wrlp/	Vendor Advisory

Impacted products

Vendor	Product	Version
iodata	ts-wrlp_firmware	*
iodata	ts-wrlp	-
iodata	ts-wrlp\/e_firmware	*
iodata	ts-wrlp\/e	-
iodata	ts-wrla_firmware	*
iodata	ts-wrla	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:iodata:ts-wrlp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F0E9A3-3EF6-41FD-83C6-73B1EF59FFC9",
              "versionEndIncluding": "1.09.04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:iodata:ts-wrlp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70DEC39A-3EA3-46ED-A974-470910C15047",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:iodata:ts-wrlp\\/e_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64109D59-1440-4CC5-B883-5EC25DC6DBC7",
              "versionEndIncluding": "1.09.04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:iodata:ts-wrlp\\/e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A63749-8B87-42F4-A121-D59F177A38A0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:iodata:ts-wrla_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7797312-68E3-4593-AEA9-09F6847F0C80",
              "versionEndIncluding": "1.09.04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:iodata:ts-wrla:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC800D74-FB71-453E-83CF-6F83FA3503F8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples productos de c\u00e1maras web I-O DATA (TS-WRLP firmware Ver.1.09.04 y anteriores, TS-WRLA firmware Ver.1.09.04 y anteriores, TS-WRLP/E firmware Ver.1.09.04 y anteriores) emplean credenciales embebidas, lo que podr\u00eda permitir que un atacante autenticado remoto ejecute comandos arbitrarios del sistema operativo en el dispositivo mediante vectores sin especificar."
    }
  ],
  "id": "CVE-2018-0663",
  "lastModified": "2024-11-21T03:38:41.593",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-07T14:29:03.257",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN83701666/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN83701666/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

JVNDB-2018-000089

Vulnerability from jvndb - Published: 2018-08-07 14:33 - Updated:2019-07-25 16:00

Severity ?

4.7 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Summary

Multiple vulnerabilities in multiple I-O DATA network camera products

Details

Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0663 Yutaka Kokubu and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN83701666/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0661
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0662
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0663
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0661
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0662
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0663
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	I-O DATA DEVICE, INC.	TS-WRLP/E
	I-O DATA DEVICE, INC.	TS-WRLA
	I-O DATA DEVICE, INC.	TS-WRLP

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000089.html",
  "dc:date": "2019-07-25T16:00+09:00",
  "dcterms:issued": "2018-08-07T14:33+09:00",
  "dcterms:modified": "2019-07-25T16:00+09:00",
  "description": "Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below.\r\n* Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661\r\n* Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662\r\n* Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663\r\n\r\nThe following researchers reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\nCVE-2018-0661\r\nYutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc.\r\nCVE-2018-0662\r\nDaiki Ichinose of Mitsui Bussan Secure Directions, Inc.\r\nCVE-2018-0663\r\nYutaka Kokubu and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000089.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:i-o_data_device:ts-wrlp%2Fe",
      "@product": "TS-WRLP/E",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:ts-wrla",
      "@product": "TS-WRLA",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:ts-wrlp",
      "@product": "TS-WRLP",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "4.7",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000089",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN83701666/index.html",
      "@id": "JVN#83701666",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0661",
      "@id": "CVE-2018-0661",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0662",
      "@id": "CVE-2018-0662",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0663",
      "@id": "CVE-2018-0663",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0661",
      "@id": "CVE-2018-0661",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0662",
      "@id": "CVE-2018-0662",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0663",
      "@id": "CVE-2018-0663",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in multiple I-O DATA network camera products"
}

GSD-2018-0663

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-0663

Aliases

CVE-2018-0663

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0663",
    "description": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector.",
    "id": "GSD-2018-0663"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0663"
      ],
      "details": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector.",
      "id": "GSD-2018-0663",
      "modified": "2023-12-13T01:22:25.081223Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-0663",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Multiple I-O DATA network camera products",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "(TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "I-O DATA DEVICE, INC."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Use of Hard-coded Credentials"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.iodata.jp/support/information/2018/ts-wrlp/",
            "refsource": "CONFIRM",
            "url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
          },
          {
            "name": "JVN#83701666",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN83701666/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:iodata:ts-wrlp_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.09.04",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:iodata:ts-wrlp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:iodata:ts-wrlp\\/e_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.09.04",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:iodata:ts-wrlp\\/e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:iodata:ts-wrla_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.09.04",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:iodata:ts-wrla:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0663"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.iodata.jp/support/information/2018/ts-wrlp/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
            },
            {
              "name": "JVN#83701666",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN83701666/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-11-01T12:48Z",
      "publishedDate": "2018-09-07T14:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-0663 (GCVE-0-2018-0663)

VAR-201809-0632

GHSA-M444-29MG-HM99

FKIE_CVE-2018-0663

JVNDB-2018-000089

GSD-2018-0663

Tags

Sightings

Nomenclature