CVE-2017-2111

Description

HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information.

Related CPE's

oiodatats-ptcam\/poe_firmware********

hiodatats-ptcam\/poe-*******

oiodatats-ptcam_firmware********

hiodatats-ptcam-*******

oiodatats-wrlc_firmware********

hiodatats-wrlc-*******

oiodatats-wlc2_firmware********

hiodatats-wlc2-*******

oiodatats-wlce_firmware********

hiodatats-wlce-*******

References

http://www.iodata.jp/support/information/2017/camera201702/

Vendor Advisory

JVN#46830433

Third Party AdvisoryVDB Entry

96620

Third Party AdvisoryVDB Entry

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

LOW

AttackComplexity

LOW

Scope

CHANGED

AttackVector

NETWORK

AvailabilityImpact

NONE

IntegrityImpact

LOW

PrivilegesRequired

NONE

BaseScore

6.1

VectorString

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Version

3.0

UserInteraction

REQUIRED

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:N/I:P/A:N

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

4.300000190734863

Created by Yello
About Severity.io