Japan Vulnerability NotesJVN:75437943JVN#75437943: Aiphone Video Multi-Tenant System Entrance Stations vulnerable to information disclosure
6.5 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
27.3%
Video Multi-Tenant System Entrance Stations provided by AIPHONE CO., LTD. contain an information disclosure vulnerability (CWE-200).
Impact
An attacker who can obtain specific information of the product and access the product may obtain sensitive information stored in the device.
Solution
Use the products with the fixed firmware
According to the developer, the vulnerability has been fixed since December 2021.
Please inquire the developer the information on the support of the products released before December 2021.
Products Affected
- GT-DMB-N with firmware versions prior to 3.00
- GT-DMB with firmware versions prior to 3.00
- GT-DMB-LVN with firmware versions prior to 3.00
- GT-DB-VN with firmware versions prior to 2.00
Related
6.5 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
27.3%