ID
VAR-201707-0424
CVE
CVE-2017-2223
TITLE
Multiple I-O DATA network camera products vulnerable to cross-site request forgery
Trust: 0.8
DESCRIPTION
Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contains a cross-site request forgery vulnerability (CWE-352). Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. I-ODATATS-WPTCAM and so on are all network cameras from I-ODATADEVICE, Japan. A remote attacker could exploit this vulnerability to perform unauthorized operations. Other attacks are also possible. TS-WPTCAM2 firmware version 1.19 and prior. TS-PTCAM firmware version 1.19 and prior. TS-PTCAM/POE firmware version 1.19 and prior. TS-WLC2 firmware version 1.19 and prior. TS-WLCE firmware version 1.19 and prior. TS-WRLC firmware version 1.19 and prior
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | iodata | model: | ts-wlc2 camera | scope: | lte | version: | 1.19 | Trust: 1.0 |
| vendor: | iodata | model: | ts-wrlc camera | scope: | lte | version: | 1.19 | Trust: 1.0 |
| vendor: | iodata | model: | ts-ptcam\/poe camera | scope: | lte | version: | 1.19 | Trust: 1.0 |
| vendor: | iodata | model: | ts-wptcam camera | scope: | lte | version: | 1.19 | Trust: 1.0 |
| vendor: | iodata | model: | ts-ptcam camera | scope: | lte | version: | 1.19 | Trust: 1.0 |
| vendor: | iodata | model: | ts-wptcam2 | scope: | lte | version: | 1.01 | Trust: 1.0 |
| vendor: | iodata | model: | ts-wlce camera | scope: | lte | version: | 1.19 | Trust: 1.0 |
| vendor: | i o data device | model: | ts-ptcam | scope: | lte | version: | version 1.19 | Trust: 0.8 |
| vendor: | i o data device | model: | ts-ptcam/poe | scope: | lte | version: | version 1.19 | Trust: 0.8 |
| vendor: | i o data device | model: | ts-wlc2 | scope: | lte | version: | version 1.19 | Trust: 0.8 |
| vendor: | i o data device | model: | ts-wlce | scope: | lte | version: | version 1.19 | Trust: 0.8 |
| vendor: | i o data device | model: | ts-wptcam | scope: | lte | version: | version 1.19 | Trust: 0.8 |
| vendor: | i o data device | model: | ts-wptcam2 | scope: | lte | version: | version 1.01 | Trust: 0.8 |
| vendor: | i o data device | model: | ts-wrlc | scope: | lte | version: | version 1.19 | Trust: 0.8 |
| vendor: | i o data device | model: | ts-wptcam | scope: | lte | version: | <=1.19 | Trust: 0.6 |
| vendor: | i o data device | model: | ts-ptcam | scope: | lt | version: | 1.19 | Trust: 0.6 |
| vendor: | i o data device | model: | ts-ptcam/poe | scope: | lt | version: | 1.19 | Trust: 0.6 |
| vendor: | i o data device | model: | ts-wlc2 | scope: | lt | version: | 1.19 | Trust: 0.6 |
| vendor: | i o data device | model: | ts-wlce | scope: | eq | version: | 1.19 | Trust: 0.6 |
| vendor: | i o data device | model: | ts-wrlc | scope: | lt | version: | 1.19 | Trust: 0.6 |
| vendor: | i o data device | model: | ts-wptcam2 | scope: | lt | version: | 1.01 | Trust: 0.6 |
| vendor: | iodata | model: | ts-wptcam2 | scope: | eq | version: | 1.01 | Trust: 0.6 |
| vendor: | iodata | model: | ts-ptcam camera | scope: | eq | version: | 1.19 | Trust: 0.6 |
| vendor: | iodata | model: | ts-wptcam camera | scope: | eq | version: | 1.19 | Trust: 0.6 |
| vendor: | iodata | model: | ts-wrlc camera | scope: | eq | version: | 1.19 | Trust: 0.6 |
| vendor: | iodata | model: | ts-wlce camera | scope: | eq | version: | 1.19 | Trust: 0.6 |
| vendor: | iodata | model: | ts-ptcam\/poe camera | scope: | eq | version: | 1.19 | Trust: 0.6 |
| vendor: | iodata | model: | ts-wlc2 camera | scope: | eq | version: | 1.19 | Trust: 0.6 |
| vendor: | i o | model: | data device inc ts-wrlc | scope: | eq | version: | 1.19 | Trust: 0.3 |
| vendor: | i o | model: | data device inc ts-wptcam2 | scope: | eq | version: | 1.19 | Trust: 0.3 |
| vendor: | i o | model: | data device inc ts-wptcam | scope: | eq | version: | 1.19 | Trust: 0.3 |
| vendor: | i o | model: | data device inc ts-wlce | scope: | eq | version: | 1.19 | Trust: 0.3 |
| vendor: | i o | model: | data device inc ts-wlc2 | scope: | eq | version: | 1.19 | Trust: 0.3 |
| vendor: | i o | model: | data device inc ts-ptcam/poe | scope: | eq | version: | 1.19 | Trust: 0.3 |
| vendor: | i o | model: | data device inc ts-ptcam | scope: | eq | version: | 1.19 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-352 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
cross-site request forgery
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | I-O DATA DEVICE, INC. website | url: | http://www.iodata.jp/support/information/2017/camera201706/ | Trust: 0.8 |
| title: | Patches for cross-site request forgery vulnerabilities for multiple I-ODATANetworkCamera products | url: | https://www.cnvd.org.cn/patchInfo/show/97864 | Trust: 0.6 |
| title: | Multiple I-O DATA Network Camera Repair measures for product cross-site request forgery vulnerability | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71129 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-2223 | Trust: 3.4 |
| db: | JVN | id: | JVN65411235 | Trust: 3.4 |
| db: | BID | id: | 99144 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2017-000141 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201706-885 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2017-13901 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-110426 | Trust: 0.1 |
REFERENCES
| url: | https://jvn.jp/en/jp/jvn65411235/index.html | Trust: 2.8 |
| url: | http://www.securityfocus.com/bid/99144 | Trust: 2.3 |
| url: | http://www.iodata.jp/support/information/2017/camera201706/ | Trust: 1.7 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2223 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-2223 | Trust: 0.8 |
| url: | http://jvn.jp/en/jp/jvn65411235/ | Trust: 0.6 |
| url: | http://www.iodata.jp/ | Trust: 0.3 |
CREDITS
Takayoshi Isayama
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2017-13901 |
| db: | VULHUB | id: | VHN-110426 |
| db: | BID | id: | 99144 |
| db: | JVNDB | id: | JVNDB-2017-000141 |
| db: | CNNVD | id: | CNNVD-201706-885 |
| db: | NVD | id: | CVE-2017-2223 |
LAST UPDATE DATE
2025-04-20T23:38:29.149000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-13901 | date: | 2017-07-12T00:00:00 |
| db: | VULHUB | id: | VHN-110426 | date: | 2017-07-16T00:00:00 |
| db: | BID | id: | 99144 | date: | 2017-06-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-000141 | date: | 2018-02-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-201706-885 | date: | 2017-07-10T00:00:00 |
| db: | NVD | id: | CVE-2017-2223 | date: | 2025-04-20T01:37:25.860 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-13901 | date: | 2017-07-12T00:00:00 |
| db: | VULHUB | id: | VHN-110426 | date: | 2017-07-07T00:00:00 |
| db: | BID | id: | 99144 | date: | 2017-06-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-000141 | date: | 2017-06-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201706-885 | date: | 2017-06-21T00:00:00 |
| db: | NVD | id: | CVE-2017-2223 | date: | 2017-07-07T13:29:00.740 |