Find a vulnerability
Search criteria
41 vulnerabilities by iodata
VAR-201704-0456
Vulnerability from variot - Updated: 2025-04-20 23:43Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713. RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary script may be executed on the user's web browser. I-ODATADEVICERockDisk is a network storage (NAS) device from I-ODATADEVICE, Japan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0456",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rockdisk",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.05e1-2.0.5"
},
{
"model": "rockdisk",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "rockdisk",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.05e1-2.0.5"
},
{
"model": "rockdisk \u003c1.05e1-2.0.5",
"scope": null,
"trust": 0.6,
"vendor": "i o data device",
"version": null
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.05e1-2.0.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
},
{
"db": "NVD",
"id": "CVE-2014-3887"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:rockdisk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:rockdisk_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
}
]
},
"cve": "CVE-2014-3887",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2014-3887",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2014-000069",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-07173",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-71827",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2014-3887",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3887",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2014-000069",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-07173",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-743",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-71827",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "VULHUB",
"id": "VHN-71827"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
},
{
"db": "NVD",
"id": "CVE-2014-3887"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713. RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary script may be executed on the user\u0027s web browser. I-ODATADEVICERockDisk is a network storage (NAS) device from I-ODATADEVICE, Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3887"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "VULHUB",
"id": "VHN-71827"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN74608669",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2014-3887",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-743",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-07173",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-71827",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "VULHUB",
"id": "VHN-71827"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
},
{
"db": "NVD",
"id": "CVE-2014-3887"
}
]
},
"id": "VAR-201704-0456",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "VULHUB",
"id": "VHN-71827"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
}
]
},
"last_update_date": "2025-04-20T23:43:05.697000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx"
},
{
"title": "Patch for I-ODATADEVICERockDisk Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/94063"
},
{
"title": "I-O DATA DEVICE RockDisk Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70221"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71827"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"db": "NVD",
"id": "CVE-2014-3887"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://jvn.jp/en/jp/jvn74608669/index.html"
},
{
"trust": 1.7,
"url": "http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3887"
},
{
"trust": 0.8,
"url": "http://jvn.jp/jp/jvn74608669/index.html"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/en/contents/2013/jvndb-2013-000096.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3887"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "VULHUB",
"id": "VHN-71827"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
},
{
"db": "NVD",
"id": "CVE-2014-3887"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "VULHUB",
"id": "VHN-71827"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
},
{
"db": "NVD",
"id": "CVE-2014-3887"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"date": "2017-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-71827"
},
{
"date": "2014-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"date": "2017-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-743"
},
{
"date": "2017-04-13T17:59:00.277000",
"db": "NVD",
"id": "CVE-2014-3887"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"date": "2017-04-20T00:00:00",
"db": "VULHUB",
"id": "VHN-71827"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"date": "2017-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-743"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2014-3887"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE RockDisk Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
}
],
"trust": 0.6
}
}
VAR-201704-0928
Vulnerability from variot - Updated: 2025-04-20 23:40Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. WN-AC1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AC1167GR contains a stored cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user accesses a malicious URL while logged in, an arbitrary script may be executed on the user's web browser. I-O DATA WN-AC1167GR is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. IO DATA WN-AC1167GR is a wireless router produced by Japan IO DATA DEVICE company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0928",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-ac1167gr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.04"
},
{
"model": "wn-ac1167gr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.04"
},
{
"model": "wn-ac1167gr",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.04"
},
{
"model": "wn-ac1167gr",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.04"
},
{
"model": "data device wn-ac1167gr",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.04"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"db": "BID",
"id": "97714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
},
{
"db": "NVD",
"id": "CVE-2017-2148"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:i-o_data_device:wn-ac1167gr_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc.",
"sources": [
{
"db": "BID",
"id": "97714"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
}
],
"trust": 0.9
},
"cve": "CVE-2017-2148",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2017-2148",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 1.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000070",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 1.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.5,
"id": "CNVD-2017-04568",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-110351",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2017-2148",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-000070",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2148",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2017-000070",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-04568",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1010",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-110351",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"db": "VULHUB",
"id": "VHN-110351"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
},
{
"db": "NVD",
"id": "CVE-2017-2148"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. WN-AC1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AC1167GR contains a stored cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user accesses a malicious URL while logged in, an arbitrary script may be executed on the user\u0027s web browser. I-O DATA WN-AC1167GR is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. IO DATA WN-AC1167GR is a wireless router produced by Japan IO DATA DEVICE company",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2148"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"db": "BID",
"id": "97714"
},
{
"db": "VULHUB",
"id": "VHN-110351"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2148",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN01537659",
"trust": 3.4
},
{
"db": "BID",
"id": "97714",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1010",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-04568",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110351",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"db": "VULHUB",
"id": "VHN-110351"
},
{
"db": "BID",
"id": "97714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
},
{
"db": "NVD",
"id": "CVE-2017-2148"
}
]
},
"id": "VAR-201704-0928",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"db": "VULHUB",
"id": "VHN-110351"
}
],
"trust": 1.3875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04568"
}
]
},
"last_update_date": "2025-04-20T23:40:09.833000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/wn-ac1167gr/"
},
{
"title": "Patch for WN-AC1167GR Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/91864"
},
{
"title": "I-O DATA WN-AC1167GR Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69715"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110351"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"db": "NVD",
"id": "CVE-2017-2148"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn01537659/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/97714"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/wn-ac1167gr/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2148"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2148"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn01537659/"
},
{
"trust": 0.3,
"url": "http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"db": "VULHUB",
"id": "VHN-110351"
},
{
"db": "BID",
"id": "97714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
},
{
"db": "NVD",
"id": "CVE-2017-2148"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"db": "VULHUB",
"id": "VHN-110351"
},
{
"db": "BID",
"id": "97714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
},
{
"db": "NVD",
"id": "CVE-2017-2148"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"date": "2017-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-110351"
},
{
"date": "2017-04-14T00:00:00",
"db": "BID",
"id": "97714"
},
{
"date": "2017-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"date": "2017-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1010"
},
{
"date": "2017-04-28T16:59:01.887000",
"db": "NVD",
"id": "CVE-2017-2148"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"date": "2017-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-110351"
},
{
"date": "2017-04-14T00:00:00",
"db": "BID",
"id": "97714"
},
{
"date": "2017-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1010"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2148"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WN-AC1167GR vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
}
],
"trust": 0.6
}
}
VAR-201707-0424
Vulnerability from variot - Updated: 2025-04-20 23:38Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contains a cross-site request forgery vulnerability (CWE-352). Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. I-ODATATS-WPTCAM and so on are all network cameras from I-ODATADEVICE, Japan. A remote attacker could exploit this vulnerability to perform unauthorized operations. Other attacks are also possible. TS-WPTCAM2 firmware version 1.19 and prior. TS-PTCAM firmware version 1.19 and prior. TS-PTCAM/POE firmware version 1.19 and prior. TS-WLC2 firmware version 1.19 and prior. TS-WLCE firmware version 1.19 and prior. TS-WRLC firmware version 1.19 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0424",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wlc2 camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wrlc camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-ptcam\\/poe camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wptcam camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-ptcam camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wptcam2",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01"
},
{
"model": "ts-wlce camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.19"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.19"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.19"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.19"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.19"
},
{
"model": "ts-wptcam2",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.01"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.19"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.19"
},
{
"model": "ts-ptcam",
"scope": "lt",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.19"
},
{
"model": "ts-ptcam/poe",
"scope": "lt",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.19"
},
{
"model": "ts-wlc2",
"scope": "lt",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.19"
},
{
"model": "ts-wlce",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.19"
},
{
"model": "ts-wrlc",
"scope": "lt",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.19"
},
{
"model": "ts-wptcam2",
"scope": "lt",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.01"
},
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.01"
},
{
"model": "ts-ptcam camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wptcam camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wrlc camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlce camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-ptcam\\/poe camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlc2 camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "data device inc ts-wrlc",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.19"
},
{
"model": "data device inc ts-wptcam2",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.19"
},
{
"model": "data device inc ts-wptcam",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.19"
},
{
"model": "data device inc ts-wlce",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.19"
},
{
"model": "data device inc ts-wlc2",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.19"
},
{
"model": "data device inc ts-ptcam/poe",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.19"
},
{
"model": "data device inc ts-ptcam",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"db": "BID",
"id": "99144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
},
{
"db": "NVD",
"id": "CVE-2017-2223"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam%2Fpoe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wlc2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wlce_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wrlc_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Takayoshi Isayama",
"sources": [
{
"db": "BID",
"id": "99144"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
}
],
"trust": 0.9
},
"cve": "CVE-2017-2223",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-2223",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000141",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-13901",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-110426",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-2223",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000141",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2223",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000141",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-13901",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-885",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110426",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"db": "VULHUB",
"id": "VHN-110426"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
},
{
"db": "NVD",
"id": "CVE-2017-2223"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contains a cross-site request forgery vulnerability (CWE-352). Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. I-ODATATS-WPTCAM and so on are all network cameras from I-ODATADEVICE, Japan. A remote attacker could exploit this vulnerability to perform unauthorized operations. Other attacks are also possible. \nTS-WPTCAM2 firmware version 1.19 and prior. \nTS-PTCAM firmware version 1.19 and prior. \nTS-PTCAM/POE firmware version 1.19 and prior. \nTS-WLC2 firmware version 1.19 and prior. \nTS-WLCE firmware version 1.19 and prior. \nTS-WRLC firmware version 1.19 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2223"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"db": "BID",
"id": "99144"
},
{
"db": "VULHUB",
"id": "VHN-110426"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2223",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN65411235",
"trust": 3.4
},
{
"db": "BID",
"id": "99144",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-885",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-13901",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110426",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"db": "VULHUB",
"id": "VHN-110426"
},
{
"db": "BID",
"id": "99144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
},
{
"db": "NVD",
"id": "CVE-2017-2223"
}
]
},
"id": "VAR-201707-0424",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"db": "VULHUB",
"id": "VHN-110426"
}
],
"trust": 1.4956070953846154
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13901"
}
]
},
"last_update_date": "2025-04-20T23:38:29.149000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/camera201706/"
},
{
"title": "Patches for cross-site request forgery vulnerabilities for multiple I-ODATANetworkCamera products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/97864"
},
{
"title": "Multiple I-O DATA Network Camera Repair measures for product cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71129"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110426"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"db": "NVD",
"id": "CVE-2017-2223"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://jvn.jp/en/jp/jvn65411235/index.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/99144"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/camera201706/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2223"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2223"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn65411235/"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"db": "VULHUB",
"id": "VHN-110426"
},
{
"db": "BID",
"id": "99144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
},
{
"db": "NVD",
"id": "CVE-2017-2223"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"db": "VULHUB",
"id": "VHN-110426"
},
{
"db": "BID",
"id": "99144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
},
{
"db": "NVD",
"id": "CVE-2017-2223"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"date": "2017-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-110426"
},
{
"date": "2017-06-20T00:00:00",
"db": "BID",
"id": "99144"
},
{
"date": "2017-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"date": "2017-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-885"
},
{
"date": "2017-07-07T13:29:00.740000",
"db": "NVD",
"id": "CVE-2017-2223"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"date": "2017-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-110426"
},
{
"date": "2017-06-20T00:00:00",
"db": "BID",
"id": "99144"
},
{
"date": "2018-02-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"date": "2017-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-885"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2223"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
}
],
"trust": 0.6
}
}
VAR-201704-0925
Vulnerability from variot - Updated: 2025-04-20 23:36Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. WN-G300R3 provided by I-O DATA DEVICE, INC. contain a stack based buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. The WN-G300R3 is a wireless LAN router device from I-ODATADEVICE
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0925",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.03"
},
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "ver.1.03"
},
{
"model": "wn-g300r3",
"scope": null,
"trust": 0.6,
"vendor": "i o data device",
"version": null
},
{
"model": "wn-g300r3",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.03"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-100"
},
{
"db": "NVD",
"id": "CVE-2017-2142"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:i-o_data_device:wn-g300r3_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
}
]
},
"cve": "CVE-2017-2142",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-2142",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000060",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-04290",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-110345",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-2142",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000060",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2142",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2017-000060",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-04290",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-100",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-110345",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"db": "VULHUB",
"id": "VHN-110345"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-100"
},
{
"db": "NVD",
"id": "CVE-2017-2142"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. WN-G300R3 provided by I-O DATA DEVICE, INC. contain a stack based buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. The WN-G300R3 is a wireless LAN router device from I-ODATADEVICE",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2142"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"db": "VULHUB",
"id": "VHN-110345"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN81024552",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-2142",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-100",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-04290",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110345",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"db": "VULHUB",
"id": "VHN-110345"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-100"
},
{
"db": "NVD",
"id": "CVE-2017-2142"
}
]
},
"id": "VAR-201704-0925",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"db": "VULHUB",
"id": "VHN-110345"
}
],
"trust": 1.2833333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04290"
}
]
},
"last_update_date": "2025-04-20T23:36:55.511000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
},
{
"title": "WN-G300R3 Stack Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/91703"
},
{
"title": "I-O DATA WN-G300R3 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69775"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110345"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"db": "NVD",
"id": "CVE-2017-2142"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn81024552/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2142"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2142"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn81024552/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"db": "VULHUB",
"id": "VHN-110345"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-100"
},
{
"db": "NVD",
"id": "CVE-2017-2142"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"db": "VULHUB",
"id": "VHN-110345"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-100"
},
{
"db": "NVD",
"id": "CVE-2017-2142"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"date": "2017-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-110345"
},
{
"date": "2017-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"date": "2017-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-100"
},
{
"date": "2017-04-28T16:59:01.777000",
"db": "NVD",
"id": "CVE-2017-2142"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"date": "2017-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-110345"
},
{
"date": "2017-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"date": "2017-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-100"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2142"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-100"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WN-G300R3 vulnerable to stack based buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-100"
}
],
"trust": 0.6
}
}
VAR-201704-0924
Vulnerability from variot - Updated: 2025-04-20 23:36WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. WN-G300R3 provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. The WN-G300R3 is a wireless LAN router device from I-ODATADEVICE. There is a security vulnerability in IO DATA WN-G300R3 devices using firmware version 1.03 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0924",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.03"
},
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "ver.1.03"
},
{
"model": "wn-g300r3",
"scope": null,
"trust": 0.6,
"vendor": "i o data device",
"version": null
},
{
"model": "wn-g300r3",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.03"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-101"
},
{
"db": "NVD",
"id": "CVE-2017-2141"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:i-o_data_device:wn-g300r3_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
}
]
},
"cve": "CVE-2017-2141",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2017-2141",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000059",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CNVD-2017-04291",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-110344",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2017-2141",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000059",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2141",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000059",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-04291",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-101",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-110344",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"db": "VULHUB",
"id": "VHN-110344"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-101"
},
{
"db": "NVD",
"id": "CVE-2017-2141"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. WN-G300R3 provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. The WN-G300R3 is a wireless LAN router device from I-ODATADEVICE. There is a security vulnerability in IO DATA WN-G300R3 devices using firmware version 1.03 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2141"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"db": "VULHUB",
"id": "VHN-110344"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2141",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN81024552",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-101",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-04291",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110344",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"db": "VULHUB",
"id": "VHN-110344"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-101"
},
{
"db": "NVD",
"id": "CVE-2017-2141"
}
]
},
"id": "VAR-201704-0924",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"db": "VULHUB",
"id": "VHN-110344"
}
],
"trust": 1.2833333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04291"
}
]
},
"last_update_date": "2025-04-20T23:36:55.481000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
},
{
"title": "WN-G300R3OS command injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/91704"
},
{
"title": "I-O DATA WN-G300R3 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69776"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-101"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110344"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"db": "NVD",
"id": "CVE-2017-2141"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn81024552/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2141"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2141"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn81024552/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"db": "VULHUB",
"id": "VHN-110344"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-101"
},
{
"db": "NVD",
"id": "CVE-2017-2141"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"db": "VULHUB",
"id": "VHN-110344"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-101"
},
{
"db": "NVD",
"id": "CVE-2017-2141"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"date": "2017-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-110344"
},
{
"date": "2017-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"date": "2017-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-101"
},
{
"date": "2017-04-28T16:59:01.747000",
"db": "NVD",
"id": "CVE-2017-2141"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"date": "2017-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-110344"
},
{
"date": "2017-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"date": "2017-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-101"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2141"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-101"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WN-G300R3 vulnerable to OS command injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-101"
}
],
"trust": 0.6
}
}
VAR-201708-0811
Vulnerability from variot - Updated: 2025-04-20 23:35WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. WN-G300R31 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 uses hard-coded credentials (CWE-798). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. A hard-coded credential vulnerability exists in I-ODATADEVICEWN-G300R3 with firmware version 1.0.2 and earlier. The vulnerability stems from the fact that the program uses a hard-coded certificate
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0811",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.0.2"
},
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.0.2"
},
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.0.2"
},
{
"model": "wn-g300r3",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.0.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-081"
},
{
"db": "NVD",
"id": "CVE-2017-2283"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:i-o_data_device:wn-g300r3_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
}
]
},
"cve": "CVE-2017-2283",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2017-2283",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-000188",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-20140",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-110486",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2017-2283",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000188",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2283",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000188",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-20140",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-081",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110486",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"db": "VULHUB",
"id": "VHN-110486"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-081"
},
{
"db": "NVD",
"id": "CVE-2017-2283"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. WN-G300R31 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 uses hard-coded credentials (CWE-798). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. A hard-coded credential vulnerability exists in I-ODATADEVICEWN-G300R3 with firmware version 1.0.2 and earlier. The vulnerability stems from the fact that the program uses a hard-coded certificate",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2283"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"db": "VULHUB",
"id": "VHN-110486"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2283",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN51410509",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-081",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-20140",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110486",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"db": "VULHUB",
"id": "VHN-110486"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-081"
},
{
"db": "NVD",
"id": "CVE-2017-2283"
}
]
},
"id": "VAR-201708-0811",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"db": "VULHUB",
"id": "VHN-110486"
}
],
"trust": 1.2833333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20140"
}
]
},
"last_update_date": "2025-04-20T23:35:47.568000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
},
{
"title": "I-ODATADEVICEWN-G300R3 hardcoded certificate vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/99807"
},
{
"title": "I-O DATA DEVICE WN-G300R3 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72355"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-081"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110486"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"db": "NVD",
"id": "CVE-2017-2283"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn51410509/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2283"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2283"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn51410509/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"db": "VULHUB",
"id": "VHN-110486"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-081"
},
{
"db": "NVD",
"id": "CVE-2017-2283"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"db": "VULHUB",
"id": "VHN-110486"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-081"
},
{
"db": "NVD",
"id": "CVE-2017-2283"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"date": "2017-08-02T00:00:00",
"db": "VULHUB",
"id": "VHN-110486"
},
{
"date": "2017-07-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"date": "2017-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-081"
},
{
"date": "2017-08-02T16:29:00.487000",
"db": "NVD",
"id": "CVE-2017-2283"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"date": "2017-08-07T00:00:00",
"db": "VULHUB",
"id": "VHN-110486"
},
{
"date": "2018-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"date": "2017-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-081"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2283"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-081"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA WN-G300R31 uses hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-081"
}
],
"trust": 0.6
}
}
VAR-201706-0090
Vulnerability from variot - Updated: 2025-04-20 23:32I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain an information disclosure vulnerability (CWE-200). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Information such as authentication credentials may be disclosed by an attacker who can access the product. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0090",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wrla",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.00.01"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.00.01"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.00.01"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.00.01"
},
{
"model": "data ts-wrlp",
"scope": "lte",
"trust": 0.6,
"vendor": "i o",
"version": "\u003c=1.00.01"
},
{
"model": "data ts-wrla",
"scope": "lte",
"trust": 0.6,
"vendor": "i o",
"version": "\u003c=1.00.01"
},
{
"model": "ts-wrla",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.00.01"
},
{
"model": "ts-wrlp",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.00.01"
},
{
"model": "data device ts-wrlp",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.0.1"
},
{
"model": "data device ts-wrla",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.0.1"
},
{
"model": "data device ts-wrlp",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "1.1.2"
},
{
"model": "data device ts-wrla",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "1.1.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"db": "BID",
"id": "94250"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
},
{
"db": "NVD",
"id": "CVE-2016-7814"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:ts-wrla",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:ts-wrlp",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions",
"sources": [
{
"db": "BID",
"id": "94250"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7814",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-7814",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000221",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-11326",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-96634",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-7814",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000221",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-7814",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000221",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-11326",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-354",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-96634",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"db": "VULHUB",
"id": "VHN-96634"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
},
{
"db": "NVD",
"id": "CVE-2016-7814"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain an information disclosure vulnerability (CWE-200). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Information such as authentication credentials may be disclosed by an attacker who can access the product. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7814"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"db": "BID",
"id": "94250"
},
{
"db": "VULHUB",
"id": "VHN-96634"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7814",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN34103586",
"trust": 2.8
},
{
"db": "BID",
"id": "94250",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-11326",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201611-354",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-96634",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"db": "VULHUB",
"id": "VHN-96634"
},
{
"db": "BID",
"id": "94250"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
},
{
"db": "NVD",
"id": "CVE-2016-7814"
}
]
},
"id": "VAR-201706-0090",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"db": "VULHUB",
"id": "VHN-96634"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11326"
}
]
},
"last_update_date": "2025-04-20T23:32:53.834000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/ts-wrlap/"
},
{
"title": "Patches for multiple I-ODATANetworkCamera product information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/84086"
},
{
"title": "I-O DATA Network camera Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65715"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96634"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"db": "NVD",
"id": "CVE-2016-7814"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn34103586/index.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94250"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/ts-wrlap/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7814"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7814"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn34103586/index.html jvn#34103586 "
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/support/information/2016/ts-wrlap/ "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"db": "VULHUB",
"id": "VHN-96634"
},
{
"db": "BID",
"id": "94250"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
},
{
"db": "NVD",
"id": "CVE-2016-7814"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"db": "VULHUB",
"id": "VHN-96634"
},
{
"db": "BID",
"id": "94250"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
},
{
"db": "NVD",
"id": "CVE-2016-7814"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96634"
},
{
"date": "2016-11-11T00:00:00",
"db": "BID",
"id": "94250"
},
{
"date": "2016-11-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"date": "2016-11-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-354"
},
{
"date": "2017-06-09T16:29:00.720000",
"db": "NVD",
"id": "CVE-2016-7814"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"date": "2017-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-96634"
},
{
"date": "2016-11-24T01:09:00",
"db": "BID",
"id": "94250"
},
{
"date": "2018-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-354"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-7814"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
}
],
"trust": 0.6
}
}
VAR-201706-0083
Vulnerability from variot - Updated: 2025-04-20 23:29I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains command injection vulnerability in "Pocket Router Function". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. WFS-SR01 firmware version 1.10 and prior versions are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0083",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wfs-sr01",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.10"
},
{
"model": "wfs-sr01",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.10"
},
{
"model": "wfs-sr01",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.10"
},
{
"model": "wfs-sr01",
"scope": "eq",
"trust": 0.3,
"vendor": "i o data device",
"version": "1.10"
},
{
"model": "wfs-sr01",
"scope": "eq",
"trust": 0.3,
"vendor": "i o data device",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "94089"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-017"
},
{
"db": "NVD",
"id": "CVE-2016-7806"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:wfs-sr01",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported the issue.",
"sources": [
{
"db": "BID",
"id": "94089"
}
],
"trust": 0.3
},
"cve": "CVE-2016-7806",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-7806",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000214",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-96626",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-7806",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000214",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-7806",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2016-000214",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-017",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-96626",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-7806",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96626"
},
{
"db": "VULMON",
"id": "CVE-2016-7806"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-017"
},
{
"db": "NVD",
"id": "CVE-2016-7806"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains command injection vulnerability in \"Pocket Router Function\". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. \nWFS-SR01 firmware version 1.10 and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7806"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"db": "BID",
"id": "94089"
},
{
"db": "VULHUB",
"id": "VHN-96626"
},
{
"db": "VULMON",
"id": "CVE-2016-7806"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7806",
"trust": 2.9
},
{
"db": "JVN",
"id": "JVN18228200",
"trust": 2.9
},
{
"db": "BID",
"id": "94089",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000214",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-017",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96626",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-7806",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96626"
},
{
"db": "VULMON",
"id": "CVE-2016-7806"
},
{
"db": "BID",
"id": "94089"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-017"
},
{
"db": "NVD",
"id": "CVE-2016-7806"
}
]
},
"id": "VAR-201706-0083",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96626"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:29:41.524000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/wfssr01/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-nocwe",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96626"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"db": "NVD",
"id": "CVE-2016-7806"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://jvn.jp/en/jp/jvn18228200/index.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/94089"
},
{
"trust": 1.8,
"url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7806"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7806"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96626"
},
{
"db": "VULMON",
"id": "CVE-2016-7806"
},
{
"db": "BID",
"id": "94089"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-017"
},
{
"db": "NVD",
"id": "CVE-2016-7806"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96626"
},
{
"db": "VULMON",
"id": "CVE-2016-7806"
},
{
"db": "BID",
"id": "94089"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-017"
},
{
"db": "NVD",
"id": "CVE-2016-7806"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96626"
},
{
"date": "2017-06-09T00:00:00",
"db": "VULMON",
"id": "CVE-2016-7806"
},
{
"date": "2016-11-02T00:00:00",
"db": "BID",
"id": "94089"
},
{
"date": "2016-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"date": "2016-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-017"
},
{
"date": "2017-06-09T16:29:00.487000",
"db": "NVD",
"id": "CVE-2016-7806"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-96626"
},
{
"date": "2017-06-15T00:00:00",
"db": "VULMON",
"id": "CVE-2016-7806"
},
{
"date": "2016-11-24T01:07:00",
"db": "BID",
"id": "94089"
},
{
"date": "2017-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-017"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-7806"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-017"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command injection vulnerability in WFS-SR01",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-017"
}
],
"trust": 0.6
}
}
VAR-201706-0084
Vulnerability from variot - Updated: 2025-04-20 23:29I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains access restriction bypass vulnerability in "Pocket Router Function". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. Attackers can exploit these issues to execute remote command or to bypass certain security restrictions and perform unauthorized actions. WFS-SR01 firmware version 1.10 and prior versions are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0084",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wfs-sr01",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.10"
},
{
"model": "wfs-sr01",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.10"
},
{
"model": "wfs-sr01",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.10"
},
{
"model": "wfs-sr01",
"scope": "eq",
"trust": 0.3,
"vendor": "i o data device",
"version": "1.10"
},
{
"model": "wfs-sr01",
"scope": "eq",
"trust": 0.3,
"vendor": "i o data device",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "94089"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-018"
},
{
"db": "NVD",
"id": "CVE-2016-7807"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:wfs-sr01",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported the issue.",
"sources": [
{
"db": "BID",
"id": "94089"
}
],
"trust": 0.3
},
"cve": "CVE-2016-7807",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-7807",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000215",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-96627",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-7807",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000215",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-7807",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000215",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-018",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-96627",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96627"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-018"
},
{
"db": "NVD",
"id": "CVE-2016-7807"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains access restriction bypass vulnerability in \"Pocket Router Function\". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. \nAttackers can exploit these issues to execute remote command or to bypass certain security restrictions and perform unauthorized actions. \nWFS-SR01 firmware version 1.10 and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7807"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"db": "BID",
"id": "94089"
},
{
"db": "VULHUB",
"id": "VHN-96627"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7807",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVN18228200",
"trust": 2.8
},
{
"db": "BID",
"id": "94089",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000215",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-018",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96627",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96627"
},
{
"db": "BID",
"id": "94089"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-018"
},
{
"db": "NVD",
"id": "CVE-2016-7807"
}
]
},
"id": "VAR-201706-0084",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96627"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:29:41.493000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/wfssr01/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-nocwe",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96627"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"db": "NVD",
"id": "CVE-2016-7807"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://jvn.jp/en/jp/jvn18228200/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94089"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7807"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7807"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96627"
},
{
"db": "BID",
"id": "94089"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-018"
},
{
"db": "NVD",
"id": "CVE-2016-7807"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96627"
},
{
"db": "BID",
"id": "94089"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-018"
},
{
"db": "NVD",
"id": "CVE-2016-7807"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96627"
},
{
"date": "2016-11-02T00:00:00",
"db": "BID",
"id": "94089"
},
{
"date": "2016-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"date": "2016-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-018"
},
{
"date": "2017-06-09T16:29:00.517000",
"db": "NVD",
"id": "CVE-2016-7807"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-96627"
},
{
"date": "2016-11-24T01:07:00",
"db": "BID",
"id": "94089"
},
{
"date": "2017-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-018"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-7807"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-018"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access restriction bypass vulnerability in WFS-SR01",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-018"
}
],
"trust": 0.6
}
}
VAR-201711-0037
Vulnerability from variot - Updated: 2025-04-20 23:29I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors. contains a denial-of-service (DoS) vulnerability (CWE-119) due to a flaw in processing certain packets. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Receiving a specially crafted packet may result in a denial-of-service (DoS) condition. An attacker could exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lan disk connect",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.02"
},
{
"model": "lan disk connect",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "ver2.02"
},
{
"model": "lan disk connect",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "2.02"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-387"
},
{
"db": "NVD",
"id": "CVE-2017-10875"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:lan_disk_connect",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
}
]
},
"cve": "CVE-2017-10875",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-10875",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 3.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000233",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-101241",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-10875",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 3.5,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000233",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-10875",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000233",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-387",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-101241",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-387"
},
{
"db": "NVD",
"id": "CVE-2017-10875"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors. contains a denial-of-service (DoS) vulnerability (CWE-119) due to a flaw in processing certain packets. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Receiving a specially crafted packet may result in a denial-of-service (DoS) condition. An attacker could exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10875"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"db": "VULHUB",
"id": "VHN-101241"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10875",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVN87886530",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000233",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-387",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-101241",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-387"
},
{
"db": "NVD",
"id": "CVE-2017-10875"
}
]
},
"id": "VAR-201711-0037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-101241"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:29:32.281000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/ld-connect/"
},
{
"title": "I-O DATA DEVICE LAN DISK Connect Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76255"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-387"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"db": "NVD",
"id": "CVE-2017-10875"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn87886530/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/ld-connect/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10875"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10875"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-387"
},
{
"db": "NVD",
"id": "CVE-2017-10875"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-101241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-387"
},
{
"db": "NVD",
"id": "CVE-2017-10875"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-101241"
},
{
"date": "2017-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"date": "2017-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-387"
},
{
"date": "2017-11-13T14:29:00.650000",
"db": "NVD",
"id": "CVE-2017-10875"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-101241"
},
{
"date": "2018-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"date": "2017-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-387"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-10875"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-387"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA LAN DISK Connect vulnerable to denial-of-service (DoS)",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-387"
}
],
"trust": 0.6
}
}
VAR-201704-0948
Vulnerability from variot - Updated: 2025-04-20 23:27TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. A remote unauthenticated attacker may execute an arbitrary OS command on the product. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. Remote attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions or to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website. IO DATA TS-WLC2 etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0948",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.00"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.17"
},
{
"model": "ts-ptcam\\/poe",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wrlc",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.17"
},
{
"model": "ts-wptcam",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlce",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.00"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.17"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.00"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.17"
},
{
"model": "ts-ptcam\\/poe",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlc2",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wptcam",
"scope": "eq",
"trust": 0.3,
"vendor": "iodata",
"version": "21.00"
},
{
"model": "ts-wlc",
"scope": "eq",
"trust": 0.3,
"vendor": "iodata",
"version": "21.18"
},
{
"model": "ts-wrlc",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wptcam",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "21.01"
},
{
"model": "ts-wptcam",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlce",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlc",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "21.19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-087"
},
{
"db": "NVD",
"id": "CVE-2017-2112"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam%2Fpoe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wlc2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wlce_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wrlc_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "96620"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2112",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2017-2112",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000040",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-02696",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "VHN-110315",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-2112",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000040",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2112",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000040",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-02696",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-087",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-110315",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"db": "VULHUB",
"id": "VHN-110315"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-087"
},
{
"db": "NVD",
"id": "CVE-2017-2112"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. A remote unauthenticated attacker may execute an arbitrary OS command on the product. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. \nRemote attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions or to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website. IO DATA TS-WLC2 etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2112"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "VULHUB",
"id": "VHN-110315"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2112",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN46830433",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040",
"trust": 2.0
},
{
"db": "BID",
"id": "96620",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201703-087",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-02696",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110315",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"db": "VULHUB",
"id": "VHN-110315"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-087"
},
{
"db": "NVD",
"id": "CVE-2017-2112"
}
]
},
"id": "VAR-201704-0948",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"db": "VULHUB",
"id": "VHN-110315"
}
],
"trust": 1.3627042399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02696"
}
]
},
"last_update_date": "2025-04-20T23:27:26.155000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/camera201702/"
},
{
"title": "Patches for multiple I-ODATAnetworkcamera command injection vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/90468"
},
{
"title": "Multiple I-O DATA network camera Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67989"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110315"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"db": "NVD",
"id": "CVE-2017-2112"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn46830433/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/camera201702/"
},
{
"trust": 1.2,
"url": "http://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000040.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/96620"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2112"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2112"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"db": "VULHUB",
"id": "VHN-110315"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-087"
},
{
"db": "NVD",
"id": "CVE-2017-2112"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"db": "VULHUB",
"id": "VHN-110315"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-087"
},
{
"db": "NVD",
"id": "CVE-2017-2112"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"date": "2017-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-110315"
},
{
"date": "2017-03-02T00:00:00",
"db": "BID",
"id": "96620"
},
{
"date": "2017-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"date": "2017-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-087"
},
{
"date": "2017-04-28T16:59:01.077000",
"db": "NVD",
"id": "CVE-2017-2112"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"date": "2017-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-110315"
},
{
"date": "2017-03-16T00:01:00",
"db": "BID",
"id": "96620"
},
{
"date": "2017-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"date": "2017-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-087"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2112"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-087"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products vulnerable to OS command injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-087"
}
],
"trust": 0.6
}
}
VAR-201704-0947
Vulnerability from variot - Updated: 2025-04-20 23:27HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information. Multiple network camera products provided by I-O DATA DEVICE, INC. contain a HTTP header injection vulnerability. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Forged information may be displayed on the logged-in user's web browser by exploiting HTTP response splitting. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. Remote attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions or to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website. IO DATA TS-WLC2 etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0947",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.00"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.17"
},
{
"model": "ts-ptcam\\/poe",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wrlc",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.17"
},
{
"model": "ts-wptcam",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlce",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.00"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.17"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.00"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.17"
},
{
"model": "ts-ptcam\\/poe",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlc2",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wptcam",
"scope": "eq",
"trust": 0.3,
"vendor": "iodata",
"version": "21.00"
},
{
"model": "ts-wlc",
"scope": "eq",
"trust": 0.3,
"vendor": "iodata",
"version": "21.18"
},
{
"model": "ts-wrlc",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wptcam",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "21.01"
},
{
"model": "ts-wptcam",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlce",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlc",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "21.19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-086"
},
{
"db": "NVD",
"id": "CVE-2017-2111"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam%2Fpoe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wlc2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wlce_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wrlc_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "96620"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2111",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-2111",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000039",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-02674",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-110314",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2017-2111",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000039",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2111",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2017-000039",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-02674",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-086",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110314",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"db": "VULHUB",
"id": "VHN-110314"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-086"
},
{
"db": "NVD",
"id": "CVE-2017-2111"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information. Multiple network camera products provided by I-O DATA DEVICE, INC. contain a HTTP header injection vulnerability. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Forged information may be displayed on the logged-in user\u0027s web browser by exploiting HTTP response splitting. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. \nRemote attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions or to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website. IO DATA TS-WLC2 etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2111"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "VULHUB",
"id": "VHN-110314"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2111",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN46830433",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039",
"trust": 2.0
},
{
"db": "BID",
"id": "96620",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201703-086",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-02674",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110314",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"db": "VULHUB",
"id": "VHN-110314"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-086"
},
{
"db": "NVD",
"id": "CVE-2017-2111"
}
]
},
"id": "VAR-201704-0947",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"db": "VULHUB",
"id": "VHN-110314"
}
],
"trust": 1.3627042399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02674"
}
]
},
"last_update_date": "2025-04-20T23:27:26.119000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/camera201702/"
},
{
"title": "Patches for multiple I-ODATAnetworkcameraHTTP header injection vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/90445"
},
{
"title": "Multiple I-O DATA network camera Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67990"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-086"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-93",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110314"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"db": "NVD",
"id": "CVE-2017-2111"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn46830433/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/camera201702/"
},
{
"trust": 1.2,
"url": "http://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000039.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/96620"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2111"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2111"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"db": "VULHUB",
"id": "VHN-110314"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-086"
},
{
"db": "NVD",
"id": "CVE-2017-2111"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"db": "VULHUB",
"id": "VHN-110314"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-086"
},
{
"db": "NVD",
"id": "CVE-2017-2111"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"date": "2017-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-110314"
},
{
"date": "2017-03-02T00:00:00",
"db": "BID",
"id": "96620"
},
{
"date": "2017-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"date": "2017-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-086"
},
{
"date": "2017-04-28T16:59:01.043000",
"db": "NVD",
"id": "CVE-2017-2111"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"date": "2017-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-110314"
},
{
"date": "2017-03-16T00:01:00",
"db": "BID",
"id": "96620"
},
{
"date": "2017-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"date": "2017-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-086"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2111"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-086"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products vulnerable to HTTP header injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-086"
}
],
"trust": 0.6
}
}
VAR-201704-0949
Vulnerability from variot - Updated: 2025-04-20 23:27Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain a Buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may execute an arbitrary OS command on the product. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. Remote attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions or to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website. IO DATA TS-WLC2 etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0949",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.00"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.17"
},
{
"model": "ts-ptcam\\/poe",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wrlc",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.17"
},
{
"model": "ts-wptcam",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlce",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.00"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.17"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.00"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.17"
},
{
"model": "ts-ptcam\\/poe",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlc2",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wptcam",
"scope": "eq",
"trust": 0.3,
"vendor": "iodata",
"version": "21.00"
},
{
"model": "ts-wlc",
"scope": "eq",
"trust": 0.3,
"vendor": "iodata",
"version": "21.18"
},
{
"model": "ts-wrlc",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wptcam",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "21.01"
},
{
"model": "ts-wptcam",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlce",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlc",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "21.19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-088"
},
{
"db": "NVD",
"id": "CVE-2017-2113"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam%2Fpoe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wlc2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wlce_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wrlc_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "96620"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2113",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2017-2113",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000041",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-02695",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "VHN-110316",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-2113",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000041",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2113",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000041",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-02695",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-088",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-110316",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"db": "VULHUB",
"id": "VHN-110316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-088"
},
{
"db": "NVD",
"id": "CVE-2017-2113"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain a Buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may execute an arbitrary OS command on the product. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. \nRemote attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions or to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website. IO DATA TS-WLC2 etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2113"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "VULHUB",
"id": "VHN-110316"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2113",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN46830433",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041",
"trust": 2.0
},
{
"db": "BID",
"id": "96620",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201703-088",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-02695",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110316",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"db": "VULHUB",
"id": "VHN-110316"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-088"
},
{
"db": "NVD",
"id": "CVE-2017-2113"
}
]
},
"id": "VAR-201704-0949",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"db": "VULHUB",
"id": "VHN-110316"
}
],
"trust": 1.3627042399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02695"
}
]
},
"last_update_date": "2025-04-20T23:27:26.084000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/camera201702/"
},
{
"title": "Patches for multiple I-ODATAnetworkcamera buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/90473"
},
{
"title": "Multiple I-O DATA network camera Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67988"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-088"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"db": "NVD",
"id": "CVE-2017-2113"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn46830433/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/camera201702/"
},
{
"trust": 1.2,
"url": "http://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000041.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/96620"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2113"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2113"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"db": "VULHUB",
"id": "VHN-110316"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-088"
},
{
"db": "NVD",
"id": "CVE-2017-2113"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"db": "VULHUB",
"id": "VHN-110316"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-088"
},
{
"db": "NVD",
"id": "CVE-2017-2113"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"date": "2017-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-110316"
},
{
"date": "2017-03-02T00:00:00",
"db": "BID",
"id": "96620"
},
{
"date": "2017-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"date": "2017-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-088"
},
{
"date": "2017-04-28T16:59:01.107000",
"db": "NVD",
"id": "CVE-2017-2113"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"date": "2017-05-10T00:00:00",
"db": "VULHUB",
"id": "VHN-110316"
},
{
"date": "2017-03-16T00:01:00",
"db": "BID",
"id": "96620"
},
{
"date": "2017-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"date": "2017-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-088"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2113"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-088"
}
],
"trust": 0.6
}
}
VAR-201706-0095
Vulnerability from variot - Updated: 2025-04-20 23:23Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed or a denial-of-service (DoS) condition may be caused. Attackers may leverage these issues to execute arbitrary code and commands in the context of the affected device. Failed exploits may result in denial-of-service conditions. The following products are affected : TS-WRLP firmware version 1.01.02 and prior. TS-WRLA firmware version 1.01.02 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0095",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wrla",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01.02"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01.02"
},
{
"model": "ts-wrlp",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.01.02"
},
{
"model": "ts-wrla",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.01.02"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.01.02"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.01.02"
}
],
"sources": [
{
"db": "BID",
"id": "94594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
},
{
"db": "NVD",
"id": "CVE-2016-7820"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:ts-wrla",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:ts-wrlp",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "94594"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7820",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2016-7820",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000235",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-96640",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2016-7820",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2016-000235",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-7820",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000235",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-713",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-96640",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96640"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
},
{
"db": "NVD",
"id": "CVE-2016-7820"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed or a denial-of-service (DoS) condition may be caused. \nAttackers may leverage these issues to execute arbitrary code and commands in the context of the affected device. Failed exploits may result in denial-of-service conditions. \nThe following products are affected :\nTS-WRLP firmware version 1.01.02 and prior. \nTS-WRLA firmware version 1.01.02 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7820"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"db": "BID",
"id": "94594"
},
{
"db": "VULHUB",
"id": "VHN-96640"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN25059363",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2016-7820",
"trust": 2.8
},
{
"db": "BID",
"id": "94594",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000235",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-713",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96640",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96640"
},
{
"db": "BID",
"id": "94594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
},
{
"db": "NVD",
"id": "CVE-2016-7820"
}
]
},
"id": "VAR-201706-0095",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96640"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:23:45.412000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/ts-wrlap_2/"
},
{
"title": "I-O DATA DEVICE TS-WRLP and TS-WRLA Buffer Overflow Vulnerability and Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65980"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96640"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"db": "NVD",
"id": "CVE-2016-7820"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://jvn.jp/en/jp/jvn25059363/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94594"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/ts-wrlap_2/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7820"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7820"
},
{
"trust": 0.3,
"url": "www.iodata.jp/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96640"
},
{
"db": "BID",
"id": "94594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
},
{
"db": "NVD",
"id": "CVE-2016-7820"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96640"
},
{
"db": "BID",
"id": "94594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
},
{
"db": "NVD",
"id": "CVE-2016-7820"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96640"
},
{
"date": "2016-11-30T00:00:00",
"db": "BID",
"id": "94594"
},
{
"date": "2016-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"date": "2016-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-713"
},
{
"date": "2017-06-09T16:29:00.877000",
"db": "NVD",
"id": "CVE-2016-7820"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-96640"
},
{
"date": "2016-12-20T01:04:00",
"db": "BID",
"id": "94594"
},
{
"date": "2018-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-713"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-7820"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
}
],
"trust": 0.6
}
}
VAR-201706-0094
Vulnerability from variot - Updated: 2025-04-20 23:23I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed. Attackers may leverage these issues to execute arbitrary code and commands in the context of the affected device. Failed exploits may result in denial-of-service conditions. The following products are affected : TS-WRLP firmware version 1.01.02 and prior. TS-WRLA firmware version 1.01.02 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0094",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wrla",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01.02"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01.02"
},
{
"model": "ts-wrlp",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.01.02"
},
{
"model": "ts-wrla",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.01.02"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.01.02"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.01.02"
}
],
"sources": [
{
"db": "BID",
"id": "94594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
},
{
"db": "NVD",
"id": "CVE-2016-7819"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:ts-wrla",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:ts-wrlp",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "94594"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7819",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2016-7819",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000234",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-96639",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2016-7819",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2016-000234",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-7819",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000234",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-712",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-96639",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96639"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
},
{
"db": "NVD",
"id": "CVE-2016-7819"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed. \nAttackers may leverage these issues to execute arbitrary code and commands in the context of the affected device. Failed exploits may result in denial-of-service conditions. \nThe following products are affected :\nTS-WRLP firmware version 1.01.02 and prior. \nTS-WRLA firmware version 1.01.02 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7819"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"db": "BID",
"id": "94594"
},
{
"db": "VULHUB",
"id": "VHN-96639"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7819",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVN25059363",
"trust": 2.8
},
{
"db": "BID",
"id": "94594",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000234",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-712",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96639",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96639"
},
{
"db": "BID",
"id": "94594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
},
{
"db": "NVD",
"id": "CVE-2016-7819"
}
]
},
"id": "VAR-201706-0094",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96639"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:23:45.381000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/ts-wrlap_2/"
},
{
"title": "I-O DATA DEVICE TS-WRLP and TS-WRLA Buffer Overflow Vulnerability and Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65979"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96639"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"db": "NVD",
"id": "CVE-2016-7819"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://jvn.jp/en/jp/jvn25059363/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94594"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/ts-wrlap_2/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7819"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7819"
},
{
"trust": 0.3,
"url": "www.iodata.jp/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96639"
},
{
"db": "BID",
"id": "94594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
},
{
"db": "NVD",
"id": "CVE-2016-7819"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96639"
},
{
"db": "BID",
"id": "94594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
},
{
"db": "NVD",
"id": "CVE-2016-7819"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96639"
},
{
"date": "2016-11-30T00:00:00",
"db": "BID",
"id": "94594"
},
{
"date": "2016-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"date": "2016-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-712"
},
{
"date": "2017-06-09T16:29:00.843000",
"db": "NVD",
"id": "CVE-2016-7819"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-96639"
},
{
"date": "2016-12-20T01:04:00",
"db": "BID",
"id": "94594"
},
{
"date": "2018-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-712"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-7819"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products vulnerable to OS command injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
}
],
"trust": 0.6
}
}
VAR-201708-0808
Vulnerability from variot - Updated: 2025-04-20 23:04WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. * Hard-coded credentials (CWE-798) - CVE-2017-2280 * OS command injection (CWE-78) - CVE-2017-2281 * Buffer overflow (CWE-119) - CVE-2017-2282 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. A buffer overflow vulnerability exists in WN-AX1167GR using firmware version 3.00 and earlier. An attacker could exploit this vulnerability to execute arbitrary commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0808",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-ax1167gr",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "3.00"
},
{
"model": "wn-ax1167gr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 3.00"
},
{
"model": "wn-ax1167gr",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=3.00"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20143"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-084"
},
{
"db": "NVD",
"id": "CVE-2017-2280"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-ax1167gr",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
}
]
},
"cve": "CVE-2017-2280",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2017-2280",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-000185",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000185",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000185",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-20143",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "VHN-110483",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000185",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-2280",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000185",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2017-000185",
"trust": 1.6,
"value": "High"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2280",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000185",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-20143",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-084",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-110483",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-2280",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20143"
},
{
"db": "VULHUB",
"id": "VHN-110483"
},
{
"db": "VULMON",
"id": "CVE-2017-2280"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-084"
},
{
"db": "NVD",
"id": "CVE-2017-2280"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. * Hard-coded credentials (CWE-798) - CVE-2017-2280 * OS command injection (CWE-78) - CVE-2017-2281 * Buffer overflow (CWE-119) - CVE-2017-2282 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. A buffer overflow vulnerability exists in WN-AX1167GR using firmware version 3.00 and earlier. An attacker could exploit this vulnerability to execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2280"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNVD",
"id": "CNVD-2017-20143"
},
{
"db": "VULHUB",
"id": "VHN-110483"
},
{
"db": "VULMON",
"id": "CVE-2017-2280"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN01312667",
"trust": 3.2
},
{
"db": "NVD",
"id": "CVE-2017-2280",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-084",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-20143",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110483",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-2280",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20143"
},
{
"db": "VULHUB",
"id": "VHN-110483"
},
{
"db": "VULMON",
"id": "CVE-2017-2280"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-084"
},
{
"db": "NVD",
"id": "CVE-2017-2280"
}
]
},
"id": "VAR-201708-0808",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20143"
},
{
"db": "VULHUB",
"id": "VHN-110483"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20143"
}
]
},
"last_update_date": "2025-04-20T23:04:32.160000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/wn-ax1167gr/"
},
{
"title": "Patch for I-ODATAWN-AX1167GR Buffer Overflow Vulnerability (CNVD-2017-20143)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/99811"
},
{
"title": "I-O DATA DEVICE WN-AX1167GR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72358"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20143"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-084"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110483"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "NVD",
"id": "CVE-2017-2280"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://jvn.jp/en/jp/jvn01312667/index.html"
},
{
"trust": 1.8,
"url": "http://www.iodata.jp/support/information/2017/wn-ax1167gr/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2280"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2281"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2282"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2280"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2281"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2282"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn01312667/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20143"
},
{
"db": "VULHUB",
"id": "VHN-110483"
},
{
"db": "VULMON",
"id": "CVE-2017-2280"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-084"
},
{
"db": "NVD",
"id": "CVE-2017-2280"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-20143"
},
{
"db": "VULHUB",
"id": "VHN-110483"
},
{
"db": "VULMON",
"id": "CVE-2017-2280"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-084"
},
{
"db": "NVD",
"id": "CVE-2017-2280"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-20143"
},
{
"date": "2017-08-02T00:00:00",
"db": "VULHUB",
"id": "VHN-110483"
},
{
"date": "2017-08-02T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2280"
},
{
"date": "2017-07-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"date": "2017-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-084"
},
{
"date": "2017-08-02T16:29:00.377000",
"db": "NVD",
"id": "CVE-2017-2280"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-20143"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-110483"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2280"
},
{
"date": "2018-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"date": "2017-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-084"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2280"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-084"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in I-O DATA WN-AX1167GR",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-084"
}
],
"trust": 0.6
}
}
VAR-201708-0809
Vulnerability from variot - Updated: 2025-04-20 23:04WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. * Hard-coded credentials (CWE-798) - CVE-2017-2280 * OS command injection (CWE-78) - CVE-2017-2281 * Buffer overflow (CWE-119) - CVE-2017-2282 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute arbitrary code on the device - CVE-2017-2280 * A user with access to the affected device may execute an arbitrary command - CVE-2017-2281 * If a user views a specially crafted page while logged into the affected device, an arbitrary command may be executed - CVE-2017-2282
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0809",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-ax1167gr",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "3.00"
},
{
"model": "wn-ax1167gr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 3.00"
},
{
"model": "wn-ax1167gr",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=3.00"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20142"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-083"
},
{
"db": "NVD",
"id": "CVE-2017-2281"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-ax1167gr",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
}
]
},
"cve": "CVE-2017-2281",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2017-2281",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-000185",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000185",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000185",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-20142",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "VHN-110484",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000185",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-2281",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000185",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2017-000185",
"trust": 1.6,
"value": "High"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2281",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000185",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-20142",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-083",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-110484",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20142"
},
{
"db": "VULHUB",
"id": "VHN-110484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-083"
},
{
"db": "NVD",
"id": "CVE-2017-2281"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. * Hard-coded credentials (CWE-798) - CVE-2017-2280 * OS command injection (CWE-78) - CVE-2017-2281 * Buffer overflow (CWE-119) - CVE-2017-2282 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute arbitrary code on the device - CVE-2017-2280 * A user with access to the affected device may execute an arbitrary command - CVE-2017-2281 * If a user views a specially crafted page while logged into the affected device, an arbitrary command may be executed - CVE-2017-2282",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2281"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNVD",
"id": "CNVD-2017-20142"
},
{
"db": "VULHUB",
"id": "VHN-110484"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2281",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN01312667",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-083",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-20142",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110484",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20142"
},
{
"db": "VULHUB",
"id": "VHN-110484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-083"
},
{
"db": "NVD",
"id": "CVE-2017-2281"
}
]
},
"id": "VAR-201708-0809",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20142"
},
{
"db": "VULHUB",
"id": "VHN-110484"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20142"
}
]
},
"last_update_date": "2025-04-20T23:04:32.130000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/wn-ax1167gr/"
},
{
"title": "I-ODATAWN-AX1167GR operating system command injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/99810"
},
{
"title": "I-O DATA DEVICE WN-AX1167GR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72357"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20142"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-083"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "NVD",
"id": "CVE-2017-2281"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn01312667/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/wn-ax1167gr/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2280"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2281"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2282"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2280"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2281"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2282"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn01312667/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20142"
},
{
"db": "VULHUB",
"id": "VHN-110484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-083"
},
{
"db": "NVD",
"id": "CVE-2017-2281"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-20142"
},
{
"db": "VULHUB",
"id": "VHN-110484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-083"
},
{
"db": "NVD",
"id": "CVE-2017-2281"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-20142"
},
{
"date": "2017-08-02T00:00:00",
"db": "VULHUB",
"id": "VHN-110484"
},
{
"date": "2017-07-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"date": "2017-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-083"
},
{
"date": "2017-08-02T16:29:00.427000",
"db": "NVD",
"id": "CVE-2017-2281"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-20142"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-110484"
},
{
"date": "2018-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"date": "2017-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-083"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2281"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-083"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in I-O DATA WN-AX1167GR",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-083"
}
],
"trust": 0.6
}
}
VAR-201708-0810
Vulnerability from variot - Updated: 2025-04-20 23:04Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. * Hard-coded credentials (CWE-798) - CVE-2017-2280 * OS command injection (CWE-78) - CVE-2017-2281 * Buffer overflow (CWE-119) - CVE-2017-2282 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute arbitrary code on the device - CVE-2017-2280 * A user with access to the affected device may execute an arbitrary command - CVE-2017-2281 * If a user views a specially crafted page while logged into the affected device, an arbitrary command may be executed - CVE-2017-2282
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0810",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-ax1167gr",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "3.00"
},
{
"model": "wn-ax1167gr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 3.00"
},
{
"model": "wn-ax1167gr",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=3.00"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20141"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-082"
},
{
"db": "NVD",
"id": "CVE-2017-2282"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-ax1167gr",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
}
]
},
"cve": "CVE-2017-2282",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CVE-2017-2282",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-000185",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000185",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000185",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CNVD-2017-20141",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "VHN-110485",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000185",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2017-2282",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000185",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2017-000185",
"trust": 1.6,
"value": "High"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2282",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2017-000185",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-20141",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-082",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110485",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20141"
},
{
"db": "VULHUB",
"id": "VHN-110485"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-082"
},
{
"db": "NVD",
"id": "CVE-2017-2282"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. * Hard-coded credentials (CWE-798) - CVE-2017-2280 * OS command injection (CWE-78) - CVE-2017-2281 * Buffer overflow (CWE-119) - CVE-2017-2282 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute arbitrary code on the device - CVE-2017-2280 * A user with access to the affected device may execute an arbitrary command - CVE-2017-2281 * If a user views a specially crafted page while logged into the affected device, an arbitrary command may be executed - CVE-2017-2282",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2282"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNVD",
"id": "CNVD-2017-20141"
},
{
"db": "VULHUB",
"id": "VHN-110485"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2282",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN01312667",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-082",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-20141",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110485",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20141"
},
{
"db": "VULHUB",
"id": "VHN-110485"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-082"
},
{
"db": "NVD",
"id": "CVE-2017-2282"
}
]
},
"id": "VAR-201708-0810",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20141"
},
{
"db": "VULHUB",
"id": "VHN-110485"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20141"
}
]
},
"last_update_date": "2025-04-20T23:04:32.100000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/wn-ax1167gr/"
},
{
"title": "Patch for I-ODATAWN-AX1167GR Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/99809"
},
{
"title": "I-O DATA DEVICE WN-AX1167GR Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72356"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20141"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-082"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110485"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "NVD",
"id": "CVE-2017-2282"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn01312667/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/wn-ax1167gr/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2280"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2281"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2282"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2280"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2281"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2282"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn01312667/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20141"
},
{
"db": "VULHUB",
"id": "VHN-110485"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-082"
},
{
"db": "NVD",
"id": "CVE-2017-2282"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-20141"
},
{
"db": "VULHUB",
"id": "VHN-110485"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-082"
},
{
"db": "NVD",
"id": "CVE-2017-2282"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-20141"
},
{
"date": "2017-08-02T00:00:00",
"db": "VULHUB",
"id": "VHN-110485"
},
{
"date": "2017-07-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"date": "2017-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-082"
},
{
"date": "2017-08-02T16:29:00.457000",
"db": "NVD",
"id": "CVE-2017-2282"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-20141"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-110485"
},
{
"date": "2018-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000185"
},
{
"date": "2017-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-082"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2282"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-082"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in I-O DATA WN-AX1167GR",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000185"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-082"
}
],
"trust": 0.6
}
}
VAR-201606-0179
Vulnerability from variot - Updated: 2025-04-13 23:42I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a denial-of-service (DoS) vulnerability. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may cause the web server on the product to be terminated abnormally. I-ODATADEVICEETX-R is a router product of I-ODATADEVICE, Japan. An attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0179",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "etx-r",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": null
},
{
"model": "etx-r",
"scope": null,
"trust": 1.4,
"vendor": "i o data device",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
},
{
"db": "NVD",
"id": "CVE-2016-4821"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:etx-r",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Junichi MURAKAMI of FFRI, Inc",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4821",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-4821",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000101",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-04210",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-93640",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-4821",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000101",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4821",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2016-000101",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-04210",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-311",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93640",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "VULHUB",
"id": "VHN-93640"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
},
{
"db": "NVD",
"id": "CVE-2016-4821"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a denial-of-service (DoS) vulnerability. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may cause the web server on the product to be terminated abnormally. I-ODATADEVICEETX-R is a router product of I-ODATADEVICE, Japan. \nAn attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4821"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "BID",
"id": "91170"
},
{
"db": "VULHUB",
"id": "VHN-93640"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4821",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000101",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN96052093",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201606-311",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-04210",
"trust": 0.6
},
{
"db": "BID",
"id": "91170",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-93640",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "VULHUB",
"id": "VHN-93640"
},
{
"db": "BID",
"id": "91170"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
},
{
"db": "NVD",
"id": "CVE-2016-4821"
}
]
},
"id": "VAR-201606-0179",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "VULHUB",
"id": "VHN-93640"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
}
]
},
"last_update_date": "2025-04-13T23:42:01.570000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/etx-r/"
},
{
"title": "I-ODATADEVICEETX-R patch for denial of service vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/77933"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"db": "NVD",
"id": "CVE-2016-4821"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://jvn.jp/en/jp/jvn96052093/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/etx-r/"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000101"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4821"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4821"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000101.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "VULHUB",
"id": "VHN-93640"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
},
{
"db": "NVD",
"id": "CVE-2016-4821"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "VULHUB",
"id": "VHN-93640"
},
{
"db": "BID",
"id": "91170"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
},
{
"db": "NVD",
"id": "CVE-2016-4821"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"date": "2016-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-93640"
},
{
"date": "2016-06-14T00:00:00",
"db": "BID",
"id": "91170"
},
{
"date": "2016-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"date": "2016-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-311"
},
{
"date": "2016-06-19T01:59:14.810000",
"db": "NVD",
"id": "CVE-2016-4821"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"date": "2016-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-93640"
},
{
"date": "2016-07-06T14:59:00",
"db": "BID",
"id": "91170"
},
{
"date": "2016-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"date": "2016-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-311"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-4821"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE ETX-R Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
}
],
"trust": 0.6
}
}
VAR-201508-0611
Vulnerability from variot - Updated: 2025-04-13 23:41I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. A wired LAN router NP-BBRS and a wireless LAN router WN-G54/R2 provided by I-O DATA DEVICE, INC. contain a vulnerability in the UPnP functionality.The device may be used in a DDoS attack, as a SSDP reflector. An attacker could exploit the vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0611",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-g54\\/r2",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.02"
},
{
"model": "np-bbrs",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "with all firmware"
},
{
"model": "wn-g54/r2",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "with firmware prior to ver.1.03"
},
{
"model": "data np-bbrs",
"scope": null,
"trust": 0.6,
"vendor": "i o",
"version": null
},
{
"model": "data wn-g54/r2",
"scope": "lt",
"trust": 0.6,
"vendor": "i o",
"version": "1.03"
},
{
"model": "wn-g54\\/r2",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.02"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-447"
},
{
"db": "NVD",
"id": "CVE-2015-2984"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:np-bbrs",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-g54%2Fr2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JPCERT",
"sources": [
{
"db": "BID",
"id": "76393"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-447"
}
],
"trust": 0.9
},
"cve": "CVE-2015-2984",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-2984",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2015-000117",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05504",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-80945",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2984",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-000117",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-05504",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-447",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80945",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"db": "VULHUB",
"id": "VHN-80945"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-447"
},
{
"db": "NVD",
"id": "CVE-2015-2984"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. A wired LAN router NP-BBRS and a wireless LAN router WN-G54/R2 provided by I-O DATA DEVICE, INC. contain a vulnerability in the UPnP functionality.The device may be used in a DDoS attack, as a SSDP reflector. An attacker could exploit the vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2984"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"db": "BID",
"id": "76393"
},
{
"db": "VULHUB",
"id": "VHN-80945"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2984",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN17964918",
"trust": 2.8
},
{
"db": "BID",
"id": "76393",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-201508-447",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05504",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-80945",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"db": "VULHUB",
"id": "VHN-80945"
},
{
"db": "BID",
"id": "76393"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-447"
},
{
"db": "NVD",
"id": "CVE-2015-2984"
}
]
},
"id": "VAR-201508-0611",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"db": "VULHUB",
"id": "VHN-80945"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05504"
}
]
},
"last_update_date": "2025-04-13T23:41:20.153000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website ",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2015/wn-g54r2/"
},
{
"title": "Patch for I-O DATA DEVICE NP-BBRS and WN-G54/R2 Remote Denial of Service Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/62765"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80945"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"db": "NVD",
"id": "CVE-2015-2984"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn17964918/index.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/76393"
},
{
"trust": 2.0,
"url": "http://www.iodata.jp/support/information/2015/wn-g54r2/"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000117"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2984"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2984"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"db": "VULHUB",
"id": "VHN-80945"
},
{
"db": "BID",
"id": "76393"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-447"
},
{
"db": "NVD",
"id": "CVE-2015-2984"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"db": "VULHUB",
"id": "VHN-80945"
},
{
"db": "BID",
"id": "76393"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-447"
},
{
"db": "NVD",
"id": "CVE-2015-2984"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"date": "2015-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-80945"
},
{
"date": "2015-08-18T00:00:00",
"db": "BID",
"id": "76393"
},
{
"date": "2015-08-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"date": "2015-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-447"
},
{
"date": "2015-08-22T18:59:00.123000",
"db": "NVD",
"id": "CVE-2015-2984"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-80945"
},
{
"date": "2015-08-18T00:00:00",
"db": "BID",
"id": "76393"
},
{
"date": "2015-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"date": "2015-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-447"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-2984"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-447"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA LAN routers vulnerable in UPnP functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-447"
}
],
"trust": 0.6
}
}
VAR-201609-0259
Vulnerability from variot - Updated: 2025-04-13 23:39Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content. Multiple Recording Hard disk products provided by I-O DATA DEVICE, INC. contain a cross-site request forgery vulnerability due to an issue in the web management screen. kaito834 reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page, an arbitrary content may be deleted. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. IO DATA DEVICE HVL-A, etc. A remote attacker could exploit this vulnerability to delete content. The following versions are affected: The following products using firmware versions earlier than 2.04 are affected: IO DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL -AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, HVL-AT4.0A
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0259",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hvl-a4.0",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-at4.0a",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-at1.0s",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-a2.0",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-at2.0",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-at2.0a",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-at4.0",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-a3.0",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-at3.0a",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-at3.0",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-a2.0",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-a3.0",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-a4.0",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-at1.0s",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-at2.0",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-at2.0a",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-at3.0",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-at3.0a",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-at4.0",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-at4.0a",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "i-o data device hvl-a2.0",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "i-o data device hvl-a3.0",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "i-o data device hvl-at1.0s",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "i-o data device hvl-at2.0",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "i-o data device hvl-at3.0",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "i-o data device hvl-at2.0a",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "i-o data device hvl-at3.0a",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "i-o data device hvl-at4.0a",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "i-o data device hvl-at4.0",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "data device hvl-at4.0a",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-at4.0",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-at3.0a",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-at3.0",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-at2.0a",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-at2.0",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-at1.0s",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-a4.0",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-a3.0",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-a2.0",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-at4.0a",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-at4.0",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-at3.0a",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-at3.0",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-at2.0a",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-at2.0",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-at1.0s",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-a4.0",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-a3.0",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-a2.0",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"db": "BID",
"id": "92352"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
},
{
"db": "NVD",
"id": "CVE-2016-4845"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:i-o_data_device:hvl-a2.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:hvl-a3.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:hvl-a4.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:hvl-at1.0s_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:hvl-at2.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:hvl-at2.0a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:hvl-at3.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:hvl-at3.0a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:hvl-at4.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:hvl-at4.0a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kaito834",
"sources": [
{
"db": "BID",
"id": "92352"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
}
],
"trust": 0.9
},
"cve": "CVE-2016-4845",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-4845",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000134",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-09923",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-93664",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-4845",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000134",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4845",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000134",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-09923",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-227",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93664",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"db": "VULHUB",
"id": "VHN-93664"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
},
{
"db": "NVD",
"id": "CVE-2016-4845"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content. Multiple Recording Hard disk products provided by I-O DATA DEVICE, INC. contain a cross-site request forgery vulnerability due to an issue in the web management screen. kaito834 reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page, an arbitrary content may be deleted. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. IO DATA DEVICE HVL-A, etc. A remote attacker could exploit this vulnerability to delete content. The following versions are affected: The following products using firmware versions earlier than 2.04 are affected: IO DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL -AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, HVL-AT4.0A",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4845"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"db": "BID",
"id": "92352"
},
{
"db": "VULHUB",
"id": "VHN-93664"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN35062083",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2016-4845",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134",
"trust": 3.1
},
{
"db": "BID",
"id": "92352",
"trust": 2.6
},
{
"db": "CNVD",
"id": "CNVD-2016-09923",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201608-227",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93664",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"db": "VULHUB",
"id": "VHN-93664"
},
{
"db": "BID",
"id": "92352"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
},
{
"db": "NVD",
"id": "CVE-2016-4845"
}
]
},
"id": "VAR-201609-0259",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"db": "VULHUB",
"id": "VHN-93664"
}
],
"trust": 1.6375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09923"
}
]
},
"last_update_date": "2025-04-13T23:39:31.106000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/hvl-a_csrf/"
},
{
"title": "Patches for cross-site request forgery vulnerabilities for multiple I-ODATADEVICE products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/80512"
},
{
"title": "Multiple I-O DATA DEVICE Repair measures for product cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63615"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93664"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"db": "NVD",
"id": "CVE-2016-4845"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://jvn.jp/en/jp/jvn35062083/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/92352"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/hvl-a_csrf/"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000134"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4845"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4845"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000134.html"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"db": "VULHUB",
"id": "VHN-93664"
},
{
"db": "BID",
"id": "92352"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
},
{
"db": "NVD",
"id": "CVE-2016-4845"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"db": "VULHUB",
"id": "VHN-93664"
},
{
"db": "BID",
"id": "92352"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
},
{
"db": "NVD",
"id": "CVE-2016-4845"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"date": "2016-09-24T00:00:00",
"db": "VULHUB",
"id": "VHN-93664"
},
{
"date": "2016-08-08T00:00:00",
"db": "BID",
"id": "92352"
},
{
"date": "2016-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"date": "2016-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-227"
},
{
"date": "2016-09-24T10:59:01.243000",
"db": "NVD",
"id": "CVE-2016-4845"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"date": "2017-02-19T00:00:00",
"db": "VULHUB",
"id": "VHN-93664"
},
{
"date": "2016-08-08T00:00:00",
"db": "BID",
"id": "92352"
},
{
"date": "2016-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"date": "2016-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-227"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-4845"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA Recording Hard disk products vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
}
],
"trust": 0.6
}
}
VAR-201605-0315
Vulnerability from variot - Updated: 2025-04-13 23:37Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. WN-G300R Series provided by I-O DATA DEVICE, INC. contains a cross-site scripting vulnerability. WN-G300R Series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R Series contains a stored cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Yuta TESHIMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. WN-G300R Series Routers are prone to an unspecified HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. The following versions are vulnerable: WN-G300R firmware Ver.1.12 and prior. WN-G300R2 firmware Ver.1.12 and prior. WN-G300R3 firmware Ver.1.01 and prior. IO DATA WN-G300R etc. Attackers can exploit this vulnerability to inject arbitrary web scripts or HTML
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01"
},
{
"model": "wn-g300r",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.12"
},
{
"model": "wn-g300r2",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.12"
},
{
"model": "wn-g300r",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "ver.1.12"
},
{
"model": "wn-g300r2",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "ver.1.12"
},
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "ver.1.01"
},
{
"model": "data device wn-g300r",
"scope": "lte",
"trust": 0.6,
"vendor": "i o",
"version": "\u003c=1.12"
},
{
"model": "data device wn-g300r2",
"scope": "lte",
"trust": 0.6,
"vendor": "i o",
"version": "\u003c=1.12"
},
{
"model": "data device wn-g300r3",
"scope": "lte",
"trust": 0.6,
"vendor": "i o",
"version": "\u003c=1.01"
},
{
"model": "wn-g300r2",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": null
},
{
"model": "wn-g300r3",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": null
},
{
"model": "wn-g300r",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-377"
},
{
"db": "NVD",
"id": "CVE-2016-1207"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:i-o_data_device:wn-g300r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:wn-g300r2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:wn-g300r3_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Yuta TESHIMA of Cyber Defense Institute, Inc.",
"sources": [
{
"db": "BID",
"id": "90609"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1207",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2016-1207",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000062",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.4,
"id": "CNVD-2016-03193",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-90026",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2016-1207",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000062",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1207",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2016-000062",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-03193",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-377",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-90026",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"db": "VULHUB",
"id": "VHN-90026"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-377"
},
{
"db": "NVD",
"id": "CVE-2016-1207"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. WN-G300R Series provided by I-O DATA DEVICE, INC. contains a cross-site scripting vulnerability. WN-G300R Series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R Series contains a stored cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Yuta TESHIMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user\u0027s web browser. WN-G300R Series Routers are prone to an unspecified HTML-injection vulnerability because it fails to properly sanitize user-supplied input. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. \nThe following versions are vulnerable:\nWN-G300R firmware Ver.1.12 and prior. \nWN-G300R2 firmware Ver.1.12 and prior. \nWN-G300R3 firmware Ver.1.01 and prior. IO DATA WN-G300R etc. Attackers can exploit this vulnerability to inject arbitrary web scripts or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1207"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"db": "BID",
"id": "90609"
},
{
"db": "VULHUB",
"id": "VHN-90026"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN22978346",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2016-1207",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062",
"trust": 3.1
},
{
"db": "CNVD",
"id": "CNVD-2016-03193",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201605-377",
"trust": 0.6
},
{
"db": "BID",
"id": "90609",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-90026",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"db": "VULHUB",
"id": "VHN-90026"
},
{
"db": "BID",
"id": "90609"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-377"
},
{
"db": "NVD",
"id": "CVE-2016-1207"
}
]
},
"id": "VAR-201605-0315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"db": "VULHUB",
"id": "VHN-90026"
}
],
"trust": 1.5194444333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03193"
}
]
},
"last_update_date": "2025-04-13T23:37:29.122000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/wn-g300r_xss/"
},
{
"title": "Patch for multiple cross-site scripting vulnerabilities in I-ODATA products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/75964"
},
{
"title": "Multiple I-O DATA WN-G300R Fixes for product cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61694"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-377"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90026"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"db": "NVD",
"id": "CVE-2016-1207"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://jvn.jp/en/jp/jvn22978346/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/wn-g300r_xss/"
},
{
"trust": 1.2,
"url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000062.html"
},
{
"trust": 1.1,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000062"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1207"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1207"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"db": "VULHUB",
"id": "VHN-90026"
},
{
"db": "BID",
"id": "90609"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-377"
},
{
"db": "NVD",
"id": "CVE-2016-1207"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"db": "VULHUB",
"id": "VHN-90026"
},
{
"db": "BID",
"id": "90609"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-377"
},
{
"db": "NVD",
"id": "CVE-2016-1207"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"date": "2016-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-90026"
},
{
"date": "2016-05-12T00:00:00",
"db": "BID",
"id": "90609"
},
{
"date": "2016-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-377"
},
{
"date": "2016-05-14T16:59:01.197000",
"db": "NVD",
"id": "CVE-2016-1207"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"date": "2016-05-17T00:00:00",
"db": "VULHUB",
"id": "VHN-90026"
},
{
"date": "2016-05-12T00:00:00",
"db": "BID",
"id": "90609"
},
{
"date": "2016-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-377"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1207"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-377"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WN-G300R Series vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-377"
}
],
"trust": 0.6
}
}
VAR-201605-0314
Vulnerability from variot - Updated: 2025-04-13 23:23The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack. WN-GDN/R3 Series provided by I-O DATA DEVICE, INC. does not limit authentication attempts. WN-GDN/R3 series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WPS functionality in WN-GDN/R3 Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An unauthenticated attacker within wireless range of the device may perform a brute force attack to recover the PIN. Using the recovered PIN, the attacker may gain access to the network. WN-GDN/R3 Series Routers are prone to an authentication-bypass vulnerability. Successfully exploiting this issue may lead to further attacks. The following products are affected: WN-GDN/R3 WN-GDN/R3-S WN-GDN/R3-U WN-GDN/R3-C. There are security vulnerabilities in the WPS implementation of several IO DATA DEVICE products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0314",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-gdn\\/r3",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": null
},
{
"model": "wn-gdn/r3",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "wn-gdn/r3-c",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "wn-gdn/r3-s",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "wn-gdn/r3-u",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "data device wn-gdn/r3",
"scope": null,
"trust": 0.6,
"vendor": "i o",
"version": null
},
{
"model": "data device wn-gdn/r3-c",
"scope": null,
"trust": 0.6,
"vendor": "i o",
"version": null
},
{
"model": "data device wn-gdn/r3-s",
"scope": null,
"trust": 0.6,
"vendor": "i o",
"version": null
},
{
"model": "data device wn-gdn/r3-u",
"scope": null,
"trust": 0.6,
"vendor": "i o",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-376"
},
{
"db": "NVD",
"id": "CVE-2016-1206"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-gdn%2fr3",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-gdn%2fr3-c",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-gdn%2fr3-s",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-gdn%2fr3-u",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi.",
"sources": [
{
"db": "BID",
"id": "90613"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1206",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2016-1206",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000061",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2016-03198",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-90025",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1206",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000061",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1206",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2016-000061",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-03198",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-376",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-90025",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"db": "VULHUB",
"id": "VHN-90025"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-376"
},
{
"db": "NVD",
"id": "CVE-2016-1206"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack. WN-GDN/R3 Series provided by I-O DATA DEVICE, INC. does not limit authentication attempts. WN-GDN/R3 series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WPS functionality in WN-GDN/R3 Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An unauthenticated attacker within wireless range of the device may perform a brute force attack to recover the PIN. Using the recovered PIN, the attacker may gain access to the network. WN-GDN/R3 Series Routers are prone to an authentication-bypass vulnerability. Successfully exploiting this issue may lead to further attacks. \nThe following products are affected:\nWN-GDN/R3\nWN-GDN/R3-S\nWN-GDN/R3-U\nWN-GDN/R3-C. There are security vulnerabilities in the WPS implementation of several IO DATA DEVICE products",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1206"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"db": "BID",
"id": "90613"
},
{
"db": "VULHUB",
"id": "VHN-90025"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1206",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN25674893",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2016-03198",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201605-376",
"trust": 0.6
},
{
"db": "BID",
"id": "90613",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-90025",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"db": "VULHUB",
"id": "VHN-90025"
},
{
"db": "BID",
"id": "90613"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-376"
},
{
"db": "NVD",
"id": "CVE-2016-1206"
}
]
},
"id": "VAR-201605-0314",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"db": "VULHUB",
"id": "VHN-90025"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03198"
}
]
},
"last_update_date": "2025-04-13T23:23:36.297000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/wn-gdnr3_bfa/"
},
{
"title": "Manual - Settings screen",
"trust": 0.8,
"url": "http://www.iodata.jp/lib/manual/wn-gdn_r3_h01/htm2/set06.htm"
},
{
"title": "Patches for multiple I-ODATADEVICE product PIN recovery vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/75962"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90025"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"db": "NVD",
"id": "CVE-2016-1206"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://jvn.jp/en/jp/jvn25674893/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/wn-gdnr3_bfa/"
},
{
"trust": 1.1,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000061"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1206"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu723755/"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1206"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000061.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"db": "VULHUB",
"id": "VHN-90025"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-376"
},
{
"db": "NVD",
"id": "CVE-2016-1206"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"db": "VULHUB",
"id": "VHN-90025"
},
{
"db": "BID",
"id": "90613"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-376"
},
{
"db": "NVD",
"id": "CVE-2016-1206"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"date": "2016-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-90025"
},
{
"date": "2016-05-12T00:00:00",
"db": "BID",
"id": "90613"
},
{
"date": "2016-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-376"
},
{
"date": "2016-05-14T16:59:00.133000",
"db": "NVD",
"id": "CVE-2016-1206"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"date": "2016-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-90025"
},
{
"date": "2016-05-12T00:00:00",
"db": "BID",
"id": "90613"
},
{
"date": "2016-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"date": "2016-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-376"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1206"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-376"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WN-GDN/R3 Series does not limit authentication attempts",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-376"
}
],
"trust": 0.6
}
}
VAR-201606-0178
Vulnerability from variot - Updated: 2025-04-13 23:14Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability (CWE-352). Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. I-ODATADEVICEETX-R is a router product of I-ODATADEVICE, Japan. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. This may lead to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "etx-r",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": null
},
{
"model": "etx-r",
"scope": null,
"trust": 1.4,
"vendor": "i o data device",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
},
{
"db": "NVD",
"id": "CVE-2016-4820"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:etx-r",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Junichi MURAKAMI of FFRI, Inc",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4820",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-4820",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000100",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2016-04211",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-93639",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-4820",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000100",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4820",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000100",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-04211",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-312",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93639",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "VULHUB",
"id": "VHN-93639"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
},
{
"db": "NVD",
"id": "CVE-2016-4820"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability (CWE-352). Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. I-ODATADEVICEETX-R is a router product of I-ODATADEVICE, Japan. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. This may lead to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4820"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "BID",
"id": "91173"
},
{
"db": "VULHUB",
"id": "VHN-93639"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN61317238",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2016-4820",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201606-312",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-04211",
"trust": 0.6
},
{
"db": "BID",
"id": "91173",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-93639",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "VULHUB",
"id": "VHN-93639"
},
{
"db": "BID",
"id": "91173"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
},
{
"db": "NVD",
"id": "CVE-2016-4820"
}
]
},
"id": "VAR-201606-0178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "VULHUB",
"id": "VHN-93639"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
}
]
},
"last_update_date": "2025-04-13T23:14:16.362000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/etx-r/"
},
{
"title": "Patch for I-ODATADEVICEETX-R cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/77932"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93639"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"db": "NVD",
"id": "CVE-2016-4820"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://jvn.jp/en/jp/jvn61317238/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/etx-r/"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000100"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4820"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4820"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000100.html"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "VULHUB",
"id": "VHN-93639"
},
{
"db": "BID",
"id": "91173"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
},
{
"db": "NVD",
"id": "CVE-2016-4820"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "VULHUB",
"id": "VHN-93639"
},
{
"db": "BID",
"id": "91173"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
},
{
"db": "NVD",
"id": "CVE-2016-4820"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"date": "2016-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-93639"
},
{
"date": "2016-06-14T00:00:00",
"db": "BID",
"id": "91173"
},
{
"date": "2016-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"date": "2016-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-312"
},
{
"date": "2016-06-19T01:59:13.857000",
"db": "NVD",
"id": "CVE-2016-4820"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"date": "2016-06-21T00:00:00",
"db": "VULHUB",
"id": "VHN-93639"
},
{
"date": "2016-06-14T00:00:00",
"db": "BID",
"id": "91173"
},
{
"date": "2016-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"date": "2016-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-312"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-4820"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE ETX-R Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
}
],
"trust": 0.6
}
}
VAR-201407-0486
Vulnerability from variot - Updated: 2025-04-13 22:28The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors. Multiple IP Cameras provided by I-O DATA contain an authentication bypass vulnerability.An attacker who can access the product may be able to gain access to configuration and credential information. As a result, the attacker may take control of the product. I-O DATA DEVICE I-O DATA TS-WLCAM and others are camera products of Japan I-O DATA DEVICE. Security vulnerabilities exist in several I-O DATA DEVICE I-O DATA IP Cameras products. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0486",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wlcam\\/v camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.0.6"
},
{
"model": "ts-wptcam camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.0.8"
},
{
"model": "ts-wlc2 camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.02"
},
{
"model": "ts-wlc2 camera",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": null
},
{
"model": "ts-wlcam camera",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": null
},
{
"model": "ts-wlcam camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.06"
},
{
"model": "ts-ptcam camera",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": null
},
{
"model": "ts-wptcam camera",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": null
},
{
"model": "ts-ptcam camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.08"
},
{
"model": "ts-wlcam\\/v camera",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": null
},
{
"model": "ts-ptcam\\/poe camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.08"
},
{
"model": "ts-ptcam\\/poe camera",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": null
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.08"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.08"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.02"
},
{
"model": "ts-wlcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.06"
},
{
"model": "ts-wlcam/v",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.06"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.08"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.08"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.08"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.02"
},
{
"model": "ts-wlcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.06"
},
{
"model": "ts-wlcam/v",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.06"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.06"
},
{
"model": "ts-wptcam camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.0.8"
},
{
"model": "ts-wlc2 camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.02"
},
{
"model": "ts-ptcam camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.08"
},
{
"model": "ts-wlcam\\/v camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.0.6"
},
{
"model": "ts-wlcam camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.06"
},
{
"model": "ts-ptcam\\/poe camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.08"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-707"
},
{
"db": "NVD",
"id": "CVE-2014-3895"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam%2Fpoe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wlc2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wlcam_camera_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wlcam%2Fv_camera_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "68989"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3895",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-3895",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2014-000087",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04720",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-71835",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3895",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2014-000087",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-04720",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-707",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71835",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"db": "VULHUB",
"id": "VHN-71835"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-707"
},
{
"db": "NVD",
"id": "CVE-2014-3895"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors. Multiple IP Cameras provided by I-O DATA contain an authentication bypass vulnerability.An attacker who can access the product may be able to gain access to configuration and credential information. As a result, the attacker may take control of the product. I-O DATA DEVICE I-O DATA TS-WLCAM and others are camera products of Japan I-O DATA DEVICE. Security vulnerabilities exist in several I-O DATA DEVICE I-O DATA IP Cameras products. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3895"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"db": "BID",
"id": "68989"
},
{
"db": "VULHUB",
"id": "VHN-71835"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3895",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN94592501",
"trust": 2.5
},
{
"db": "BID",
"id": "68989",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201407-707",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-04720",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-71835",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"db": "VULHUB",
"id": "VHN-71835"
},
{
"db": "BID",
"id": "68989"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-707"
},
{
"db": "NVD",
"id": "CVE-2014-3895"
}
]
},
"id": "VAR-201407-0486",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"db": "VULHUB",
"id": "VHN-71835"
}
],
"trust": 1.50159314
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2014-04720"
}
]
},
"last_update_date": "2025-04-13T22:28:16.619000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2014/qwatch/"
},
{
"title": "A variety of I-O DATA DEVICE I-O DATA IP Cameras security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/48075"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71835"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"db": "NVD",
"id": "CVE-2014-3895"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000087"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2014/qwatch/"
},
{
"trust": 1.7,
"url": "http://jvn.jp/en/jp/jvn94592501/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3895"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/vul/20140729-jvn.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/en/jp/jvn94592501/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3895"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"db": "VULHUB",
"id": "VHN-71835"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-707"
},
{
"db": "NVD",
"id": "CVE-2014-3895"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"db": "VULHUB",
"id": "VHN-71835"
},
{
"db": "BID",
"id": "68989"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-707"
},
{
"db": "NVD",
"id": "CVE-2014-3895"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"date": "2014-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-71835"
},
{
"date": "2014-07-31T00:00:00",
"db": "BID",
"id": "68989"
},
{
"date": "2014-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"date": "2014-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-707"
},
{
"date": "2014-07-29T20:55:08.583000",
"db": "NVD",
"id": "CVE-2014-3895"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"date": "2014-07-30T00:00:00",
"db": "VULHUB",
"id": "VHN-71835"
},
{
"date": "2014-07-31T00:00:00",
"db": "BID",
"id": "68989"
},
{
"date": "2014-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"date": "2014-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-707"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3895"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-707"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA IP Cameras vulnerable to authentication bypass",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-707"
}
],
"trust": 0.6
}
}
VAR-201310-0460
Vulnerability from variot - Updated: 2025-04-11 23:19I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. HDL-A and HDL2-A Series provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. HDL-A and HDL2-A Series contain a vulnerability related to the management of sessions. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or altered. I-O DATA HDL is a network mobile device with built-in LAN connectivity. I-O DATA HDL has an unspecified error that allows an attacker to exploit a vulnerability to hijack other user sessions. Multiple I-O DATA products are prone to an unspecified session-hijacking vulnerability. Following devices running firmware versions 1.07 and prior are vulnerable: HDL-A series including HDL-AS, HDL-AH and HDL-A/E HDL2-A series including HDL2-AH and HDL2-A/E
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0460",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hdl2-ah",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": null
},
{
"model": "hdl-as",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": null
},
{
"model": "hdl-ah",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": null
},
{
"model": "hdl-a\\/e",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": null
},
{
"model": "hdl2-a\\/e",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": null
},
{
"model": "hdl-a",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.07"
},
{
"model": "hdl2-a",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": "1.07"
},
{
"model": "hdl-a series",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "hdl-a series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "(includes hdl-as, hdl-ah, hdl-a/e series) firmware version 1.07"
},
{
"model": "hdl-a/e series",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "hdl-ah series",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "hdl-as series",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "hdl2-a series",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "hdl2-a series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "(includes hdl2-ah, hdl2-a/e series) firmware version 1.07"
},
{
"model": "hdl2-a/e series",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "hdl2-ah series",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "data hdl-a series",
"scope": null,
"trust": 0.6,
"vendor": "i o",
"version": null
},
{
"model": "data hdl2-a series",
"scope": null,
"trust": 0.6,
"vendor": "i o",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-471"
},
{
"db": "NVD",
"id": "CVE-2013-4712"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl-a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl-a%2fe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl-ah",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl-as",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl2-a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl2-a%2fe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl2-ah",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kazuki Hirota from Keio University Keiji Takeda Research Group.",
"sources": [
{
"db": "BID",
"id": "63225"
}
],
"trust": 0.3
},
"cve": "CVE-2013-4712",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2013-4712",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2013-000095",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-14024",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-64714",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-4712",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2013-000095",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2013-14024",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-471",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-64714",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"db": "VULHUB",
"id": "VHN-64714"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-471"
},
{
"db": "NVD",
"id": "CVE-2013-4712"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. HDL-A and HDL2-A Series provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. HDL-A and HDL2-A Series contain a vulnerability related to the management of sessions. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or altered. I-O DATA HDL is a network mobile device with built-in LAN connectivity. I-O DATA HDL has an unspecified error that allows an attacker to exploit a vulnerability to hijack other user sessions. Multiple I-O DATA products are prone to an unspecified session-hijacking vulnerability. \nFollowing devices running firmware versions 1.07 and prior are vulnerable:\nHDL-A series including HDL-AS, HDL-AH and HDL-A/E\nHDL2-A series including HDL2-AH and HDL2-A/E",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4712"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"db": "BID",
"id": "63225"
},
{
"db": "VULHUB",
"id": "VHN-64714"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4712",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN52509236",
"trust": 3.1
},
{
"db": "BID",
"id": "63225",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201310-471",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-14024",
"trust": 0.6
},
{
"db": "JVN",
"id": "JVN#52509236",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-64714",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"db": "VULHUB",
"id": "VHN-64714"
},
{
"db": "BID",
"id": "63225"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-471"
},
{
"db": "NVD",
"id": "CVE-2013-4712"
}
]
},
"id": "VAR-201310-0460",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"db": "VULHUB",
"id": "VHN-64714"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14024"
}
]
},
"last_update_date": "2025-04-11T23:19:27.462000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iobb.net/remotelinkaccess/"
},
{
"title": "Patch for Unknown Session Hijacking Vulnerabilities in Multiple I-O DATA Products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/40481"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64714"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"db": "NVD",
"id": "CVE-2013-4712"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://jvn.jp/en/jp/jvn52509236/index.html"
},
{
"trust": 1.7,
"url": "http://jvn.jp/en/jp/jvn52509236/225184/index.html"
},
{
"trust": 1.7,
"url": "http://rm2.iobb.net"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2013-000095"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4712"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4712"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2013/jvndb-2013-000095.html"
},
{
"trust": 0.6,
"url": "http://jvn.jp/jp/jvn52509236/index.html"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/ja/contents/2013/jvndb-2013-000095.html"
},
{
"trust": 0.6,
"url": "http:"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"db": "VULHUB",
"id": "VHN-64714"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-471"
},
{
"db": "NVD",
"id": "CVE-2013-4712"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"db": "VULHUB",
"id": "VHN-64714"
},
{
"db": "BID",
"id": "63225"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-471"
},
{
"db": "NVD",
"id": "CVE-2013-4712"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"date": "2013-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-64714"
},
{
"date": "2013-10-18T00:00:00",
"db": "BID",
"id": "63225"
},
{
"date": "2013-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"date": "2013-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-471"
},
{
"date": "2013-10-19T10:36:07.697000",
"db": "NVD",
"id": "CVE-2013-4712"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"date": "2013-10-21T00:00:00",
"db": "VULHUB",
"id": "VHN-64714"
},
{
"date": "2013-10-18T00:00:00",
"db": "BID",
"id": "63225"
},
{
"date": "2013-10-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"date": "2013-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-471"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-4712"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-471"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HDL-A and HDL2-A Series vulnerable in session management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-471"
}
],
"trust": 0.6
}
}
VAR-201311-0283
Vulnerability from variot - Updated: 2025-04-11 23:10Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. I-O DATA RockDisk NAS incorrectly filters data returned to users, allowing remote attackers to exploit vulnerabilities to build malicious URIs, entice users to parse, obtain sensitive information, or hijack user sessions. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0283",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.04n-2.0.1"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.03v3-1.13"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.04a-1.2"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.03w-1.14"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.04m-2.0.1"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.03y-1.16"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.04r3-2.0.1"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.04t-2.0.2"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.04b-1.21"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": null
},
{
"model": "rockdisk",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.05c-2.0.3"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": "1.04d-2.0.1"
},
{
"model": "rockdisk",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "rockdisk",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.05e1-2.0.5"
},
{
"model": "data rockdisk nas 1.05c-2.0.3",
"scope": null,
"trust": 0.6,
"vendor": "i o",
"version": null
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.05c-2.0.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-720"
},
{
"db": "NVD",
"id": "CVE-2013-4713"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:rockdisk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:i-o_data_device:rockdisk_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yuji Tounai of bogus.jp",
"sources": [
{
"db": "BID",
"id": "63392"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-720"
}
],
"trust": 0.9
},
"cve": "CVE-2013-4713",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2013-4713",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2013-000096",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-14194",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-64715",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-4713",
"trust": 1.0,
"value": "LOW"
},
{
"author": "IPA",
"id": "JVNDB-2013-000096",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2013-14194",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-720",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-64715",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"db": "VULHUB",
"id": "VHN-64715"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-720"
},
{
"db": "NVD",
"id": "CVE-2013-4713"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user\u0027s web browser. I-O DATA RockDisk NAS incorrectly filters data returned to users, allowing remote attackers to exploit vulnerabilities to build malicious URIs, entice users to parse, obtain sensitive information, or hijack user sessions. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4713"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"db": "BID",
"id": "63392"
},
{
"db": "VULHUB",
"id": "VHN-64715"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2013-000096",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2013-4713",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN74608669",
"trust": 3.1
},
{
"db": "BID",
"id": "63392",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "55463",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-14194",
"trust": 0.6
},
{
"db": "JVN",
"id": "JVN#74608669",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201310-720",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-64715",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"db": "VULHUB",
"id": "VHN-64715"
},
{
"db": "BID",
"id": "63392"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-720"
},
{
"db": "NVD",
"id": "CVE-2013-4713"
}
]
},
"id": "VAR-201311-0283",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"db": "VULHUB",
"id": "VHN-64715"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14194"
}
]
},
"last_update_date": "2025-04-11T23:10:35.095000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx"
},
{
"title": "I-O DATA RockDisk NAS has patches for unidentified cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/40628"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64715"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"db": "NVD",
"id": "CVE-2013-4713"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://jvn.jp/en/jp/jvn74608669/index.html"
},
{
"trust": 3.1,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2013-000096"
},
{
"trust": 1.7,
"url": "http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4713"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4713"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/55463/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/63392"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"db": "VULHUB",
"id": "VHN-64715"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-720"
},
{
"db": "NVD",
"id": "CVE-2013-4713"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"db": "VULHUB",
"id": "VHN-64715"
},
{
"db": "BID",
"id": "63392"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-720"
},
{
"db": "NVD",
"id": "CVE-2013-4713"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"date": "2013-11-01T00:00:00",
"db": "VULHUB",
"id": "VHN-64715"
},
{
"date": "2013-10-29T00:00:00",
"db": "BID",
"id": "63392"
},
{
"date": "2013-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"date": "2013-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-720"
},
{
"date": "2013-11-01T02:55:04.933000",
"db": "NVD",
"id": "CVE-2013-4713"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"date": "2013-11-21T00:00:00",
"db": "VULHUB",
"id": "VHN-64715"
},
{
"date": "2013-11-01T01:01:00",
"db": "BID",
"id": "63392"
},
{
"date": "2014-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"date": "2013-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-720"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-4713"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-720"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RockDisk vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-720"
}
],
"trust": 0.6
}
}
VAR-201809-0632
Vulnerability from variot - Updated: 2025-01-30 21:26Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector. Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0632",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wrlp\\/e",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware ver.1.09.04"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware ver.1.09.04"
},
{
"model": "ts-wrlp/e",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware ver.1.09.04"
},
{
"model": "ts-wrlp",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrlp\\/e",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrla",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.09.04"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-402"
},
{
"db": "NVD",
"id": "CVE-2018-0663"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:ts-wrla",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:ts-wrlp",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:i-o_data_device:ts-wrlp%2Fe",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
}
]
},
"cve": "CVE-2018-0663",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-0663",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P/BS: 5.8AV:L/AC:L/Au:N/C:P/I:P/A:P/BS:4.6",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P/BS: 4.6",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-118865",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-0663",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 6.3",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 4.3",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000089",
"trust": 2.4,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0663",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-402",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-118865",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118865"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-402"
},
{
"db": "NVD",
"id": "CVE-2018-0663"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector. Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0663"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "VULHUB",
"id": "VHN-118865"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0663",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVN83701666",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-402",
"trust": 0.7
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-118865",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-118865"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-402"
},
{
"db": "NVD",
"id": "CVE-2018-0663"
}
]
},
"id": "VAR-201809-0632",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-118865"
}
],
"trust": 0.02
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:26:53.764000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"title": "Multiple I-O DATA Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84696"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-402"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118865"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0663"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn83701666/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0661"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0662"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0663"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0661"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0662"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0663"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-118865"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-402"
},
{
"db": "NVD",
"id": "CVE-2018-0663"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-118865"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-402"
},
{
"db": "NVD",
"id": "CVE-2018-0663"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-118865"
},
{
"date": "2018-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-402"
},
{
"date": "2018-09-07T14:29:03.257000",
"db": "NVD",
"id": "CVE-2018-0663"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-01T00:00:00",
"db": "VULHUB",
"id": "VHN-118865"
},
{
"date": "2019-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-402"
},
{
"date": "2024-11-21T03:38:41.593000",
"db": "NVD",
"id": "CVE-2018-0663"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-402"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in multiple I-O DATA network camera products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-402"
}
],
"trust": 0.6
}
}
VAR-201802-0652
Vulnerability from variot - Updated: 2024-11-23 22:48Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability (CWE-78). Taizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can log in the affected device may execute an arbitrary OS command. I-ODATADEVICEHDL-XR/XRWseries and so on are different series of network attached storage devices of Japan I-ODATADEVICE. There are operating system command injection vulnerabilities in MagicalFinder in several I-ODATADEVICE products. The following products and versions are affected: HDL-XR/XRW series with firmware version 2.01 and earlier; HDL-XR2U/XR2UW series with firmware version 2.01 and earlier; HDL-XV/XVW series with firmware version 1.50 and earlier; HDL-GT series with firmware version 1.37 and earlier; HDL-GTR series with firmware version earlier than 1.37, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0652",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hdl-gtr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.37"
},
{
"model": "hdl-ah",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.26"
},
{
"model": "hdl-xvw",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.50"
},
{
"model": "whg-ac1750a",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "3.00"
},
{
"model": "wn-g300sr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.00"
},
{
"model": "wn-g300r",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.14"
},
{
"model": "gv-ntx2",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.02.00"
},
{
"model": "hdl2-ah",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.26"
},
{
"model": "wnpr1167g",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.00"
},
{
"model": "hdl2-a",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.26"
},
{
"model": "wn-ag300dgr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.05"
},
{
"model": "hdl-xr2uw",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.01"
},
{
"model": "wn-gx300gr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.00"
},
{
"model": "whg-ac1750",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.07"
},
{
"model": "wn-ac1600dgr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.06"
},
{
"model": "hdl-a",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.26"
},
{
"model": "wn-ax1167gr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "3.11"
},
{
"model": "hdl-xr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.01"
},
{
"model": "hdl-xv",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.50"
},
{
"model": "bx-vp1",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.01"
},
{
"model": "wn-ac583rk",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.06"
},
{
"model": "wn-ac1167dgr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.02"
},
{
"model": "wnpr1167f",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.00"
},
{
"model": "hdl-xr2u",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.01"
},
{
"model": "wn-ac1300ex",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.02"
},
{
"model": "hls-c",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.12"
},
{
"model": "wn-ag750dgr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.08"
},
{
"model": "hvl-ata",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.04"
},
{
"model": "hdl-xrw",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.01"
},
{
"model": "wnpr2600g",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01"
},
{
"model": "whg-napg",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.08"
},
{
"model": "hvl-s",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.00"
},
{
"model": "wn-g300ex",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01"
},
{
"model": "hvl-at",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.04"
},
{
"model": "hdl-gt",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.37"
},
{
"model": "whg-napgal",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.05"
},
{
"model": "hfas1",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.40"
},
{
"model": "whg-napga",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.08"
},
{
"model": "whg-ac1750al",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.07"
},
{
"model": "hvl-a",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.04"
},
{
"model": "wnpr1750g",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01"
},
{
"model": "gv-ntx1",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.02.00"
},
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.04"
},
{
"model": "wn-ac583trk",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.05"
},
{
"model": "hdl-t",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.12"
},
{
"model": "bx-vp1",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.01"
},
{
"model": "gv-ntx1",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.02.00"
},
{
"model": "gv-ntx2",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.02.00"
},
{
"model": "hdl-a series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.26"
},
{
"model": "hdl-ah series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.26"
},
{
"model": "hdl-gt series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.37"
},
{
"model": "hdl-gtr series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.37"
},
{
"model": "hdl-t series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.12"
},
{
"model": "hdl-xr series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.01"
},
{
"model": "hdl-xr2u series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.01"
},
{
"model": "hdl-xr2uw series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.01"
},
{
"model": "hdl-xrw series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.01"
},
{
"model": "hdl-xv series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.50"
},
{
"model": "hdl-xvw series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.50"
},
{
"model": "hdl2-a series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.26"
},
{
"model": "hdl2-ah series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.26"
},
{
"model": "hfas1 series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.40"
},
{
"model": "hls-c series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.12"
},
{
"model": "hvl-a series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.04"
},
{
"model": "hvl-at series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.04"
},
{
"model": "hvl-ata series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.04"
},
{
"model": "hvl-s series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.00"
},
{
"model": "whg-ac1750/a",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 3.00"
},
{
"model": "whg-ac1750/al",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.07"
},
{
"model": "whg-napg/a",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.08"
},
{
"model": "whg-napg/al",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.05"
},
{
"model": "wn-ac1167dgr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.02"
},
{
"model": "wn-ac1300ex",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.02"
},
{
"model": "wn-ac1600dgr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.06"
},
{
"model": "wn-ac583rk",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.06"
},
{
"model": "wn-ac583trk",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.05"
},
{
"model": "wn-ag300dgr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.05"
},
{
"model": "wn-ag750dgr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.08"
},
{
"model": "wn-ax1167gr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 3.11"
},
{
"model": "wn-g300ex",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.01"
},
{
"model": "wn-g300r",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.14"
},
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.04"
},
{
"model": "wn-g300sr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.00"
},
{
"model": "wn-gx300gr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.00"
},
{
"model": "wnpr1167f",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.00"
},
{
"model": "wnpr1167g",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.00"
},
{
"model": "wnpr1750g",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.01"
},
{
"model": "wnpr2600g",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.01"
},
{
"model": "hdl-gtr series",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.37"
},
{
"model": "hdl-gt series",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.37"
},
{
"model": "hdl-xv/xvw series",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.50"
},
{
"model": "hdl-xr2u/xr2uw series",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=2.0.1"
},
{
"model": "hdl-xr/xrw series",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=2.01"
},
{
"model": "wn-ac1600dgr",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "2.06"
},
{
"model": "wn-g300r",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.14"
},
{
"model": "wn-ac1300ex",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.02"
},
{
"model": "wn-g300r3",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.04"
},
{
"model": "wn-ag300dgr",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.05"
},
{
"model": "wn-ac1167dgr",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.02"
},
{
"model": "wn-ac583trk",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.05"
},
{
"model": "wn-g300sr",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.00"
},
{
"model": "wn-g300ex",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.01"
},
{
"model": "wn-ac583rk",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.06"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-259"
},
{
"db": "NVD",
"id": "CVE-2018-0512"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:bx-vp1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:gv-ntx1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:gv-ntx2",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl-a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl-ah",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl-gt",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl-gtr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl-t",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl-xr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl-xr2u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl-xr2uw",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl-xrw",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl-xv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl-xvw",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl2-a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hdl2-ah",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hfas1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hls-c",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hvl-a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hvl-at",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hvl-ata",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:hvl-s",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:whg-ac1750a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:whg-ac1750%2fal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:whg-napga",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:whg-napgal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-ac1167dgr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-ac1300ex",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-ac1600dgr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-ac583rk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-ac583trk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-ag300dgr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-ag750dgr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-ax1167gr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-g300ex",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-g300r",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-g300r3",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-g300sr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wn-gx300gr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wnpr1167f",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wnpr1167g",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wnpr1750g",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:wnpr2600g",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
}
]
},
"cve": "CVE-2018-0512",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "CVE-2018-0512",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000007",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "CNVD-2018-05725",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "VHN-118714",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2018-0512",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000007",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0512",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2018-000007",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-05725",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-259",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-118714",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"db": "VULHUB",
"id": "VHN-118714"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-259"
},
{
"db": "NVD",
"id": "CVE-2018-0512"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Devices with IP address setting tool \"MagicalFinder\" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. Multiple I-O DATA network devices that incorporate \"MagicalFinder\" contain an OS command injection vulnerability (CWE-78). Taizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can log in the affected device may execute an arbitrary OS command. I-ODATADEVICEHDL-XR/XRWseries and so on are different series of network attached storage devices of Japan I-ODATADEVICE. There are operating system command injection vulnerabilities in MagicalFinder in several I-ODATADEVICE products. The following products and versions are affected: HDL-XR/XRW series with firmware version 2.01 and earlier; HDL-XR2U/XR2UW series with firmware version 2.01 and earlier; HDL-XV/XVW series with firmware version 1.50 and earlier; HDL-GT series with firmware version 1.37 and earlier; HDL-GTR series with firmware version earlier than 1.37, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0512"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"db": "VULHUB",
"id": "VHN-118714"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0512",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN36048131",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201802-259",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-05725",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118714",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"db": "VULHUB",
"id": "VHN-118714"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-259"
},
{
"db": "NVD",
"id": "CVE-2018-0512"
}
]
},
"id": "VAR-201802-0652",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"db": "VULHUB",
"id": "VHN-118714"
}
],
"trust": 1.4824074111111112
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05725"
}
]
},
"last_update_date": "2024-11-23T22:48:46.962000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2018/magicalfinder/"
},
{
"title": "A variety of I-ODATADEVICE products MagicalFinder operating system command injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/122133"
},
{
"title": "Multiple I-O DATA DEVICE product MagicalFinder Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78373"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-259"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118714"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"db": "NVD",
"id": "CVE-2018-0512"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn36048131/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2018/magicalfinder/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0512"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0512"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"db": "VULHUB",
"id": "VHN-118714"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-259"
},
{
"db": "NVD",
"id": "CVE-2018-0512"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"db": "VULHUB",
"id": "VHN-118714"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-259"
},
{
"db": "NVD",
"id": "CVE-2018-0512"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"date": "2018-02-08T00:00:00",
"db": "VULHUB",
"id": "VHN-118714"
},
{
"date": "2018-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"date": "2018-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-259"
},
{
"date": "2018-02-08T14:29:00.213000",
"db": "NVD",
"id": "CVE-2018-0512"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"date": "2018-03-06T00:00:00",
"db": "VULHUB",
"id": "VHN-118714"
},
{
"date": "2018-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"date": "2018-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-259"
},
{
"date": "2024-11-21T03:38:23.193000",
"db": "NVD",
"id": "CVE-2018-0512"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-259"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network devices incorporating \"MagicalFinder\" vulnerable to OS command injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-259"
}
],
"trust": 0.6
}
}
VAR-201809-0631
Vulnerability from variot - Updated: 2024-11-23 22:41Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. Several IO DATA products have security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0631",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wrlp\\/e",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware ver.1.09.04"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware ver.1.09.04"
},
{
"model": "ts-wrlp/e",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware ver.1.09.04"
},
{
"model": "ts-wrlp",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrlp\\/e",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrla",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.09.04"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-403"
},
{
"db": "NVD",
"id": "CVE-2018-0662"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:i-o_data_device:ts-wrla",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:i-o_data_device:ts-wrlp",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:i-o_data_device:ts-wrlp%2Fe",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
}
]
},
"cve": "CVE-2018-0662",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-0662",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P/BS: 5.8AV:L/AC:L/Au:N/C:P/I:P/A:P/BS:4.6",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P/BS: 4.6",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-118864",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2018-0662",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 6.3",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 4.3",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000089",
"trust": 2.4,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0662",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-403",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118864",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-403"
},
{
"db": "NVD",
"id": "CVE-2018-0662"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. Several IO DATA products have security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0662"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "VULHUB",
"id": "VHN-118864"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN83701666",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2018-0662",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-403",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-118864",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-403"
},
{
"db": "NVD",
"id": "CVE-2018-0662"
}
]
},
"id": "VAR-201809-0631",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118864"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:41:41.332000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"title": "Multiple I-O DATA Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84697"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-403"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0662"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn83701666/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0661"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0662"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0663"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0661"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0662"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0663"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-403"
},
{
"db": "NVD",
"id": "CVE-2018-0662"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-403"
},
{
"db": "NVD",
"id": "CVE-2018-0662"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-118864"
},
{
"date": "2018-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-403"
},
{
"date": "2018-09-07T14:29:03.117000",
"db": "NVD",
"id": "CVE-2018-0662"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-118864"
},
{
"date": "2019-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-403"
},
{
"date": "2024-11-21T03:38:41.417000",
"db": "NVD",
"id": "CVE-2018-0662"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-403"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in multiple I-O DATA network camera products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-403"
}
],
"trust": 0.6
}
}