Sign-up

ID

VAR-201809-0630


CVE

CVE-2018-0661


TITLE

Multiple vulnerabilities in multiple I-O DATA network camera products

Trust: 0.8

sources: JVNDB: JVNDB-2018-000089

DESCRIPTION

Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration. Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. Several IO DATA products have security vulnerabilities. The following products and versions are affected: IO DATA TS-WRLP with firmware version 1.09.04 and earlier; TS-WRLA with firmware version 1.09.04 and earlier; TS-WRLP/E with firmware version 1.09.04 and earlier

Trust: 1.71

sources: NVD: CVE-2018-0661 // JVNDB: JVNDB-2018-000089 // VULHUB: VHN-118863

AFFECTED PRODUCTS

vendor:iodatamodel:ts-wrlp\/escope:lteversion:1.09.04

Trust: 1.0

vendor:iodatamodel:ts-wrlpscope:lteversion:1.09.04

Trust: 1.0

vendor:iodatamodel:ts-wrlascope:lteversion:1.09.04

Trust: 1.0

vendor:i o data devicemodel:ts-wrlascope:lteversion:firmware ver.1.09.04

Trust: 0.8

vendor:i o data devicemodel:ts-wrlpscope:lteversion:firmware ver.1.09.04

Trust: 0.8

vendor:i o data devicemodel:ts-wrlp/escope:lteversion:firmware ver.1.09.04

Trust: 0.8

vendor:iodatamodel:ts-wrlpscope:eqversion:1.09.04

Trust: 0.6

vendor:iodatamodel:ts-wrlp\/escope:eqversion:1.09.04

Trust: 0.6

vendor:iodatamodel:ts-wrlascope:eqversion:1.09.04

Trust: 0.6

sources: JVNDB: JVNDB-2018-000089 // CNNVD: CNNVD-201809-404 // NVD: CVE-2018-0661

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2018-000089
value: MEDIUM

Trust: 2.4

nvd@nist.gov: CVE-2018-0661
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201809-404
value: HIGH

Trust: 0.6

VULHUB: VHN-118863
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0661
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2018-000089
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2018-000089
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P/BS: 5.8AV:L/AC:L/AU:N/C:P/I:P/A:P/BS:4.6
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2018-000089
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P/BS: 4.6
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-118863
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0661
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2018-000089
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2018-000089
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 6.3
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2018-000089
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 4.3
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118863 // JVNDB: JVNDB-2018-000089 // JVNDB: JVNDB-2018-000089 // JVNDB: JVNDB-2018-000089 // CNNVD: CNNVD-201809-404 // NVD: CVE-2018-0661

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

problemtype:CWE-264

Trust: 0.8

problemtype:CWE-284

Trust: 0.1

sources: VULHUB: VHN-118863 // JVNDB: JVNDB-2018-000089 // NVD: CVE-2018-0661

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201809-404

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201809-404

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-000089

PATCH
title:I-O DATA DEVICE, INC. websiteurl:http://www.iodata.jp/support/information/2018/ts-wrlp/
Trust: 0.8
title:Multiple I-O DATA Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84698
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-000089 // 
            
            
            
            CNNVD: CNNVD-201809-404

EXTERNAL IDS
db:JVNid:JVN83701666
Trust: 2.5
db:NVDid:CVE-2018-0661
Trust: 2.5
db:JVNDBid:JVNDB-2018-000089
Trust: 0.8
db:CNNVDid:CNNVD-201809-404
Trust: 0.7
db:VULHUBid:VHN-118863
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118863 // 
            
            
            
            JVNDB: JVNDB-2018-000089 // 
            
            
            
            CNNVD: CNNVD-201809-404 // 
            
            
            
            NVD: CVE-2018-0661

REFERENCES
url:http://jvn.jp/en/jp/jvn83701666/index.html
Trust: 2.5
url:http://www.iodata.jp/support/information/2018/ts-wrlp/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0661
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0662
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0663
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0661
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0662
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0663
Trust: 0.8
sources:
            
            
            VULHUB: VHN-118863 // 
            
            
            
            JVNDB: JVNDB-2018-000089 // 
            
            
            
            CNNVD: CNNVD-201809-404 // 
            
            
            
            NVD: CVE-2018-0661

SOURCES
db:VULHUBid:VHN-118863
db:JVNDBid:JVNDB-2018-000089
db:CNNVDid:CNNVD-201809-404
db:NVDid:CVE-2018-0661

LAST UPDATE DATE
2024-11-23T22:41:41.280000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118863date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-000089date:2019-07-25T00:00:00
db:CNNVDid:CNNVD-201809-404date:2019-10-23T00:00:00
db:NVDid:CVE-2018-0661date:2024-11-21T03:38:41.277

SOURCES RELEASE DATE
db:VULHUBid:VHN-118863date:2018-09-07T00:00:00
db:JVNDBid:JVNDB-2018-000089date:2018-08-07T00:00:00
db:CNNVDid:CNNVD-201809-404date:2018-09-10T00:00:00
db:NVDid:CVE-2018-0661date:2018-09-07T14:29:02.990