CVE-2014-3895 - OpenCVE

The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Iodata	Ts-ptcam Camera Ts-wptcam Camera Ts-ptcam\/poe Camera Ts-wlcam\/v Camera Ts-wlcam Camera Firmware Ts-ptcam\/poe Camera Firmware Ts-wptcam Camera Firmware Ts-wlcam\/v Camera Firmware Ts-wlcam Camera Ts-wlc2 Camera Firmware Ts-ptcam Camera Firmware Ts-wlc2 Camera

Configuration 1 [-]

AND

cpe:2.3:o:iodata:ts-wlcam\/v_camera_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:iodata:ts-wlcam\/v_camera:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:iodata:ts-wptcam_camera_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:iodata:ts-wptcam_camera:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:iodata:ts-wlcam_camera_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:iodata:ts-wlcam_camera:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:iodata:ts-ptcam\/poe_camera_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:iodata:ts-ptcam\/poe_camera:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:iodata:ts-wlc2_camera_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:iodata:ts-wlc2_camera:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:iodata:ts-ptcam_camera_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:iodata:ts-ptcam_camera:-:*:*:*:*:*:*:*

References

Link	Resource
http://jvn.jp/en/jp/JVN94592501/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000087
http://www.iodata.jp/support/information/2014/qwatch/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2014-07-29T20:00:00

Updated: 2014-07-29T19:57:00

Reserved: 2014-05-27T00:00:00

Link: CVE-2014-3895

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-07-29T20:55:08.583

Modified: 2014-07-30T18:48:14.953

Link: CVE-2014-3895

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-29T00:00:00", "descriptions": [{"lang": "en", "value": "The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-07-29T19:57:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"name": "JVNDB-2014-000087", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000087"}, {"name": "JVN#94592501", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN94592501/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.iodata.jp/support/information/2014/qwatch/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-3895", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "JVNDB-2014-000087", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000087"}, {"name": "JVN#94592501", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN94592501/index.html"}, {"name": "http://www.iodata.jp/support/information/2014/qwatch/", "refsource": "CONFIRM", "url": "http://www.iodata.jp/support/information/2014/qwatch/"}]}}}}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-3895", "datePublished": "2014-07-29T20:00:00", "dateReserved": "2014-05-27T00:00:00", "dateUpdated": "2014-07-29T19:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:iodata:ts-wlcam\\/v_camera_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "506884F8-96FA-480A-96B9-6213A37AAAFE", "versionEndIncluding": "1.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:iodata:ts-wlcam\\/v_camera:-:*:*:*:*:*:*:*", "matchCriteriaId": "7227CF1F-EF1A-4572-AA2E-7AAAF9EBBE5B", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:iodata:ts-wptcam_camera_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B46D5B36-8DCE-4C66-B56E-C63B4261DD9F", "versionEndIncluding": "1.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:iodata:ts-wptcam_camera:-:*:*:*:*:*:*:*", "matchCriteriaId": "AAD265FB-B8F9-40D9-8A19-C32FBE038020", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:iodata:ts-wlcam_camera_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B38AA45-57E0-4C0D-B283-5D3031DE9977", "versionEndIncluding": "1.06", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:iodata:ts-wlcam_camera:-:*:*:*:*:*:*:*", "matchCriteriaId": "476413A4-5128-46EE-93EB-23F37C981DCC", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:iodata:ts-ptcam\\/poe_camera_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "29FA62AB-CBF2-4BC3-A98C-8328687C64AF", "versionEndIncluding": "1.08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:iodata:ts-ptcam\\/poe_camera:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD15C82A-ED6F-4C5C-B7E8-0C844B51C49D", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:iodata:ts-wlc2_camera_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C25DDC9-833D-496C-ACE3-9C3EA99D90C2", "versionEndIncluding": "1.02", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:iodata:ts-wlc2_camera:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CEC260D-9795-4206-B83F-D2104FAEC04B", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:iodata:ts-ptcam_camera_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5960A3F9-03A8-4F09-9EB3-48935215951B", "versionEndIncluding": "1.08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:iodata:ts-ptcam_camera:-:*:*:*:*:*:*:*", "matchCriteriaId": "FAA2FECD-B383-4E34-855E-CE8507677039", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors."}, {"lang": "es", "value": "La camera I-O DATA TS-WLCAM con firmware 1.06 y anteriores, la camera TS-WLCAM/V con firmware 1.06 y anteriores, la camera TS-WPTCAM con firmware 1.08 y anteriores, la camera TS-PTCAM con firmware 1.08 y anteriores, la camera TS-PTCAM/POE con firmware 1.08 y anteriores y la camera TS-WLC2 con firmware 1.02 y anteriores permiten a atacantes remotos evadir la autenticaci\u00f3n, y como consecuencia obtener informaci\u00f3n sensible de credenciales y datos de configuraci\u00f3n, a trav\u00e9s de vectores no especificados."}], "evaluatorComment": "Per: http://jvn.jp/en/jp/JVN94592501/index.html\n\n\"Products Affected\n\n TS-WLCAM firmware version 1.06 and earlier\n TS-WLCAM/V firmware version 1.06 and earlier\n TS-WPTCAM firmware version 1.08 and earlier\n TS-PTCAM firmware version 1.08 and earlier\n TS-PTCAM/POE firmware version 1.08 and earlier\n TS-WLC2 firmware version 1.02 and earlier\"", "id": "CVE-2014-3895", "lastModified": "2014-07-30T18:48:14.953", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-29T20:55:08.583", "references": [{"source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN94592501/index.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000087"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "http://www.iodata.jp/support/information/2014/qwatch/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}