Details of VAR-201706-0090

ID

VAR-201706-0090

CVE

CVE-2016-7814

TITLE

Multiple I-O DATA network camera products vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2016-000221

DESCRIPTION

I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain an information disclosure vulnerability (CWE-200). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Information such as authentication credentials may be disclosed by an attacker who can access the product. This may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2016-7814 // JVNDB: JVNDB-2016-000221 // CNVD: CNVD-2016-11326 // BID: 94250 // VULHUB: VHN-96634

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-11326

AFFECTED PRODUCTS

vendor:	iodata	model:	ts-wrla	scope:	lte	version:	1.00.01	Trust: 1.0
vendor:	iodata	model:	ts-wrlp	scope:	lte	version:	1.00.01	Trust: 1.0
vendor:	i o data device	model:	ts-wrla	scope:	lte	version:	firmware version 1.00.01	Trust: 0.8
vendor:	i o data device	model:	ts-wrlp	scope:	lte	version:	firmware version 1.00.01	Trust: 0.8
vendor:	i o	model:	data ts-wrlp	scope:	lte	version:	<=1.00.01	Trust: 0.6
vendor:	i o	model:	data ts-wrla	scope:	lte	version:	<=1.00.01	Trust: 0.6
vendor:	iodata	model:	ts-wrla	scope:	eq	version:	1.00.01	Trust: 0.6
vendor:	iodata	model:	ts-wrlp	scope:	eq	version:	1.00.01	Trust: 0.6
vendor:	i o	model:	data device ts-wrlp	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	i o	model:	data device ts-wrla	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	i o	model:	data device ts-wrlp	scope:	ne	version:	1.1.2	Trust: 0.3
vendor:	i o	model:	data device ts-wrla	scope:	ne	version:	1.1.2	Trust: 0.3

sources: CNVD: CNVD-2016-11326 // BID: 94250 // JVNDB: JVNDB-2016-000221 // CNNVD: CNNVD-201611-354 // NVD: CVE-2016-7814

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7814
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2016-000221
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-11326
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201611-354
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-96634
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-7814
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2016-000221
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2016-11326
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-96634
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7814
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0
IPA:	JVNDB-2016-000221
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2016-11326 // VULHUB: VHN-96634 // JVNDB: JVNDB-2016-000221 // CNNVD: CNNVD-201611-354 // NVD: CVE-2016-7814

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-96634 // JVNDB: JVNDB-2016-000221 // NVD: CVE-2016-7814

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-354

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201611-354

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-000221

PATCH

title:	I-O DATA DEVICE, INC. website	url:	http://www.iodata.jp/support/information/2016/ts-wrlap/	Trust: 0.8
title:	Patches for multiple I-ODATANetworkCamera product information disclosure vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/84086	Trust: 0.6
title:	I-O DATA Network camera Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65715	Trust: 0.6

sources: CNVD: CNVD-2016-11326 // JVNDB: JVNDB-2016-000221 // CNNVD: CNNVD-201611-354

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7814	Trust: 3.4
db:	JVN	id:	JVN34103586	Trust: 2.8
db:	BID	id:	94250	Trust: 2.6
db:	JVNDB	id:	JVNDB-2016-000221	Trust: 0.8
db:	CNVD	id:	CNVD-2016-11326	Trust: 0.6
db:	CNNVD	id:	CNNVD-201611-354	Trust: 0.6
db:	VULHUB	id:	VHN-96634	Trust: 0.1

sources: CNVD: CNVD-2016-11326 // VULHUB: VHN-96634 // BID: 94250 // JVNDB: JVNDB-2016-000221 // CNNVD: CNNVD-201611-354 // NVD: CVE-2016-7814

REFERENCES

url:	https://jvn.jp/en/jp/jvn34103586/index.html	Trust: 2.5
url:	http://www.securityfocus.com/bid/94250	Trust: 2.3
url:	http://www.iodata.jp/support/information/2016/ts-wrlap/	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7814	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7814	Trust: 0.8
url:	http://www.iodata.jp/	Trust: 0.3
url:	http://jvn.jp/en/jp/jvn34103586/index.html jvn#34103586	Trust: 0.3
url:	http://www.iodata.jp/support/information/2016/ts-wrlap/	Trust: 0.3

sources: CNVD: CNVD-2016-11326 // VULHUB: VHN-96634 // BID: 94250 // JVNDB: JVNDB-2016-000221 // CNNVD: CNNVD-201611-354 // NVD: CVE-2016-7814

CREDITS

Taizoh Tsukamoto of Mitsui Bussan Secure Directions

Trust: 0.9

sources: BID: 94250 // CNNVD: CNNVD-201611-354

SOURCES

db:	CNVD	id:	CNVD-2016-11326
db:	VULHUB	id:	VHN-96634
db:	BID	id:	94250
db:	JVNDB	id:	JVNDB-2016-000221
db:	CNNVD	id:	CNNVD-201611-354
db:	NVD	id:	CVE-2016-7814

LAST UPDATE DATE

2025-04-20T23:32:53.834000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-11326	date:	2016-11-21T00:00:00
db:	VULHUB	id:	VHN-96634	date:	2017-06-16T00:00:00
db:	BID	id:	94250	date:	2016-11-24T01:09:00
db:	JVNDB	id:	JVNDB-2016-000221	date:	2018-01-17T00:00:00
db:	CNNVD	id:	CNNVD-201611-354	date:	2017-06-12T00:00:00
db:	NVD	id:	CVE-2016-7814	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-11326	date:	2016-11-21T00:00:00
db:	VULHUB	id:	VHN-96634	date:	2017-06-09T00:00:00
db:	BID	id:	94250	date:	2016-11-11T00:00:00
db:	JVNDB	id:	JVNDB-2016-000221	date:	2016-11-11T00:00:00
db:	CNNVD	id:	CNNVD-201611-354	date:	2016-11-18T00:00:00
db:	NVD	id:	CVE-2016-7814	date:	2017-06-09T16:29:00.720