Sign-up

ID

VAR-201706-0094


CVE

CVE-2016-7819


TITLE

Multiple I-O DATA network camera products vulnerable to OS command injection

Trust: 0.8

sources: JVNDB: JVNDB-2016-000234

DESCRIPTION

I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed. Attackers may leverage these issues to execute arbitrary code and commands in the context of the affected device. Failed exploits may result in denial-of-service conditions. The following products are affected : TS-WRLP firmware version 1.01.02 and prior. TS-WRLA firmware version 1.01.02 and prior

Trust: 1.98

sources: NVD: CVE-2016-7819 // JVNDB: JVNDB-2016-000234 // BID: 94594 // VULHUB: VHN-96639

AFFECTED PRODUCTS

vendor:iodatamodel:ts-wrlascope:lteversion:1.01.02

Trust: 1.0

vendor:iodatamodel:ts-wrlpscope:lteversion:1.01.02

Trust: 1.0

vendor:iodatamodel:ts-wrlpscope:eqversion:1.01.02

Trust: 0.9

vendor:iodatamodel:ts-wrlascope:eqversion:1.01.02

Trust: 0.9

vendor:i o data devicemodel:ts-wrlascope:lteversion:firmware version 1.01.02

Trust: 0.8

vendor:i o data devicemodel:ts-wrlpscope:lteversion:firmware version 1.01.02

Trust: 0.8

sources: BID: 94594 // JVNDB: JVNDB-2016-000234 // CNNVD: CNNVD-201611-712 // NVD: CVE-2016-7819

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7819
value: HIGH

Trust: 1.0

IPA: JVNDB-2016-000234
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201611-712
value: CRITICAL

Trust: 0.6

VULHUB: VHN-96639
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-7819
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2016-000234
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-96639
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7819
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2016-000234
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-96639 // JVNDB: JVNDB-2016-000234 // CNNVD: CNNVD-201611-712 // NVD: CVE-2016-7819

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-96639 // JVNDB: JVNDB-2016-000234 // NVD: CVE-2016-7819

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-712

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201611-712

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-000234

PATCH
title:I-O DATA DEVICE, INC. websiteurl:http://www.iodata.jp/support/information/2016/ts-wrlap_2/
Trust: 0.8
title:I-O DATA DEVICE TS-WRLP  and TS-WRLA Buffer Overflow Vulnerability and Command Injection Vulnerability Fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65979
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-000234 // 
            
            
            
            CNNVD: CNNVD-201611-712

EXTERNAL IDS
db:NVDid:CVE-2016-7819
Trust: 2.8
db:JVNid:JVN25059363
Trust: 2.8
db:BIDid:94594
Trust: 2.0
db:JVNDBid:JVNDB-2016-000234
Trust: 0.8
db:CNNVDid:CNNVD-201611-712
Trust: 0.7
db:VULHUBid:VHN-96639
Trust: 0.1
sources:
            
            
            VULHUB: VHN-96639 // 
            
            
            
            BID: 94594 // 
            
            
            
            JVNDB: JVNDB-2016-000234 // 
            
            
            
            CNNVD: CNNVD-201611-712 // 
            
            
            
            NVD: CVE-2016-7819

REFERENCES
url:https://jvn.jp/en/jp/jvn25059363/index.html
Trust: 2.8
url:http://www.securityfocus.com/bid/94594
Trust: 1.7
url:http://www.iodata.jp/support/information/2016/ts-wrlap_2/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7819
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-7819
Trust: 0.8
url:www.iodata.jp/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-96639 // 
            
            
            
            BID: 94594 // 
            
            
            
            JVNDB: JVNDB-2016-000234 // 
            
            
            
            CNNVD: CNNVD-201611-712 // 
            
            
            
            NVD: CVE-2016-7819

CREDITS
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.
Trust: 0.9
sources:
            
            
            BID: 94594 // 
            
            
            
            CNNVD: CNNVD-201611-712

SOURCES
db:VULHUBid:VHN-96639
db:BIDid:94594
db:JVNDBid:JVNDB-2016-000234
db:CNNVDid:CNNVD-201611-712
db:NVDid:CVE-2016-7819

LAST UPDATE DATE
2025-04-20T23:23:45.381000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-96639date:2017-06-16T00:00:00
db:BIDid:94594date:2016-12-20T01:04:00
db:JVNDBid:JVNDB-2016-000234date:2018-01-17T00:00:00
db:CNNVDid:CNNVD-201611-712date:2017-06-12T00:00:00
db:NVDid:CVE-2016-7819date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-96639date:2017-06-09T00:00:00
db:BIDid:94594date:2016-11-30T00:00:00
db:JVNDBid:JVNDB-2016-000234date:2016-11-30T00:00:00
db:CNNVDid:CNNVD-201611-712date:2016-11-30T00:00:00
db:NVDid:CVE-2016-7819date:2017-06-09T16:29:00.843