Lucene search

[email protected]CVE-2017-2111

HistoryApr 28, 2017 - 4:59 p.m.

CVE-2017-2111

2017-04-2816:59:01

CWE-93

[email protected]

web.nvd.nist.gov

cve-2017-2111

http header injection

firmware vulnerability

remote attackers

false information

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.0%

JSON

HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information.

Affected configurations

Vulners

NVD

Node

i-o_data_device\,_inc.ts-wptcamMatch1.18

i-o_data_device\,_inc.ts-wptcam2Match1.00

i-o_data_device\,_inc.ts-wlceMatch1.18

i-o_data_device\,_inc.ts-wlc2Match1.18

i-o_data_device\,_inc.ts-wrlcMatch1.17

i-o_data_device\,_inc.ts-ptcam\/poeMatch1.18

CPENameOperatorVersion
iodata:ts-ptcam\/poe_firmwareiodata ts-ptcam/poe firmwarele1.18

CPE	Name	Operator	Version
iodata:ts-ptcam\/poe_firmware	iodata ts-ptcam/poe firmware	le	1.18

CNA Affected

[
  {
    "product": "TS-WPTCAM",
    "vendor": "I-O DATA DEVICE, INC.",
    "versions": [
      {
        "status": "affected",
        "version": "firmware version 1.18 and earlier"
      }
    ]
  },
  {
    "product": "TS-WPTCAM2",
    "vendor": "I-O DATA DEVICE, INC.",
    "versions": [
      {
        "status": "affected",
        "version": "firmware version 1.00"
      }
    ]
  },
  {
    "product": "TS-WLCE",
    "vendor": "I-O DATA DEVICE, INC.",
    "versions": [
      {
        "status": "affected",
        "version": "firmware version 1.18 and earlier"
      }
    ]
  },
  {
    "product": "TS-WLC2",
    "vendor": "I-O DATA DEVICE, INC.",
    "versions": [
      {
        "status": "affected",
        "version": "firmware version 1.18 and earlier"
      }
    ]
  },
  {
    "product": "TS-WRLC",
    "vendor": "I-O DATA DEVICE, INC.",
    "versions": [
      {
        "status": "affected",
        "version": "firmware version 1.17 and earlier"
      }
    ]
  },
  {
    "product": "TS-PTCAM/POE",
    "vendor": "I-O DATA DEVICE, INC.",
    "versions": [
      {
        "status": "affected",
        "version": "firmware version 1.18 and earlier"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN46830433/index.html

www.iodata.jp/support/information/2017/camera201702/

www.securityfocus.com/bid/96620

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.0%

JSON

Related for CVE-2017-2111

cvelist1 prion1 nvd1 jvn1