Sign-up

ID

VAR-201809-0632


CVE

CVE-2018-0663


TITLE

Multiple vulnerabilities in multiple I-O DATA network camera products

Trust: 0.8

sources: JVNDB: JVNDB-2018-000089

DESCRIPTION

Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector. Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc

Trust: 1.71

sources: NVD: CVE-2018-0663 // JVNDB: JVNDB-2018-000089 // VULHUB: VHN-118865

IOT TAXONOMY

category:['camera device']sub_category:camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:iodatamodel:ts-wrlp\/escope:lteversion:1.09.04

Trust: 1.0

vendor:iodatamodel:ts-wrlpscope:lteversion:1.09.04

Trust: 1.0

vendor:iodatamodel:ts-wrlascope:lteversion:1.09.04

Trust: 1.0

vendor:i o data devicemodel:ts-wrlascope:lteversion:firmware ver.1.09.04

Trust: 0.8

vendor:i o data devicemodel:ts-wrlpscope:lteversion:firmware ver.1.09.04

Trust: 0.8

vendor:i o data devicemodel:ts-wrlp/escope:lteversion:firmware ver.1.09.04

Trust: 0.8

vendor:iodatamodel:ts-wrlpscope:eqversion:1.09.04

Trust: 0.6

vendor:iodatamodel:ts-wrlp\/escope:eqversion:1.09.04

Trust: 0.6

vendor:iodatamodel:ts-wrlascope:eqversion:1.09.04

Trust: 0.6

sources: JVNDB: JVNDB-2018-000089 // CNNVD: CNNVD-201809-402 // NVD: CVE-2018-0663

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2018-000089
value: MEDIUM

Trust: 2.4

nvd@nist.gov: CVE-2018-0663
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201809-402
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118865
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0663
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2018-000089
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2018-000089
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P/BS: 5.8AV:L/AC:L/AU:N/C:P/I:P/A:P/BS:4.6
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2018-000089
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P/BS: 4.6
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-118865
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0663
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2018-000089
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2018-000089
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 6.3
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2018-000089
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 4.3
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118865 // JVNDB: JVNDB-2018-000089 // JVNDB: JVNDB-2018-000089 // JVNDB: JVNDB-2018-000089 // CNNVD: CNNVD-201809-402 // NVD: CVE-2018-0663

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

problemtype:CWE-264

Trust: 0.8

sources: VULHUB: VHN-118865 // JVNDB: JVNDB-2018-000089 // NVD: CVE-2018-0663

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-402

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201809-402

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-000089

PATCH
title:I-O DATA DEVICE, INC. websiteurl:http://www.iodata.jp/support/information/2018/ts-wrlp/
Trust: 0.8
title:Multiple I-O DATA Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84696
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-000089 // 
            
            
            
            CNNVD: CNNVD-201809-402

EXTERNAL IDS
db:NVDid:CVE-2018-0663
Trust: 2.6
db:JVNid:JVN83701666
Trust: 2.5
db:JVNDBid:JVNDB-2018-000089
Trust: 0.8
db:CNNVDid:CNNVD-201809-402
Trust: 0.7
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-118865
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-118865 // 
            
            
            
            JVNDB: JVNDB-2018-000089 // 
            
            
            
            CNNVD: CNNVD-201809-402 // 
            
            
            
            NVD: CVE-2018-0663

REFERENCES
url:http://jvn.jp/en/jp/jvn83701666/index.html
Trust: 2.5
url:http://www.iodata.jp/support/information/2018/ts-wrlp/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0661
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0662
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0663
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0661
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0662
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0663
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-118865 // 
            
            
            
            JVNDB: JVNDB-2018-000089 // 
            
            
            
            CNNVD: CNNVD-201809-402 // 
            
            
            
            NVD: CVE-2018-0663

SOURCES
db:OTHERid: - 
db:VULHUBid:VHN-118865
db:JVNDBid:JVNDB-2018-000089
db:CNNVDid:CNNVD-201809-402
db:NVDid:CVE-2018-0663

LAST UPDATE DATE
2025-01-30T21:26:53.764000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118865date:2018-11-01T00:00:00
db:JVNDBid:JVNDB-2018-000089date:2019-07-25T00:00:00
db:CNNVDid:CNNVD-201809-402date:2018-09-10T00:00:00
db:NVDid:CVE-2018-0663date:2024-11-21T03:38:41.593

SOURCES RELEASE DATE
db:VULHUBid:VHN-118865date:2018-09-07T00:00:00
db:JVNDBid:JVNDB-2018-000089date:2018-08-07T00:00:00
db:CNNVDid:CNNVD-201809-402date:2018-09-10T00:00:00
db:NVDid:CVE-2018-0663date:2018-09-07T14:29:03.257