EUVD-2017-11296

Malware in sbrugna...

Directory Traversal

wrlc is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...

CVE-2017-2223

Cross-site request forgery CSRF vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...

JVN#65411235: Multiple I-O DATA network camera products vulnerable to cross-site request forgery

Multiple network camera products provided by I-O DATA DEVICE, INC. contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Firmware Apply the appropriate firmware update...

CVE-2017-2113

Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware...

CVE-2017-2112

TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlie...

Design/Logic Flaw

TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlie...

Design/Logic Flaw

HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier,...

CVE-2017-2112

CVE-2017-2112 is an OS command injection vulnerability in multiple I-O DATA network camera products (e.g., TS-WPTCAM/TS-WPTCAM2, TS-WLCE/TS-WLC2, TS-WRLC, TS-PTCAM/TS-PTCAM/POE). The root cause is an OS command injection via unspecified vectors, allowing a remote attacker to execute arbitrary OS ...

CVE-2017-2113

Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware...

JVN#46830433: Multiple I-O DATA network camera products multiple vulnerabilities

Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. HTTP header injection CWE-113 - CVE-2017-2111 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2|...