Search

Find a vulnerability

Search criteria

    41 vulnerabilities by iodata

    VAR-201704-0456

    Vulnerability from variot - Updated: 2025-04-20 23:43

    Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713. RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary script may be executed on the user's web browser. I-ODATADEVICERockDisk is a network storage (NAS) device from I-ODATADEVICE, Japan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0456",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rockdisk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.05e1-2.0.5"
          },
          {
            "model": "rockdisk",
            "scope": null,
            "trust": 0.8,
            "vendor": "i o data device",
            "version": null
          },
          {
            "model": "rockdisk",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.05e1-2.0.5"
          },
          {
            "model": "rockdisk \u003c1.05e1-2.0.5",
            "scope": null,
            "trust": 0.6,
            "vendor": "i o data device",
            "version": null
          },
          {
            "model": "rockdisk",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.05e1-2.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07173"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000069"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-743"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3887"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:rockdisk",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:rockdisk_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000069"
          }
        ]
      },
      "cve": "CVE-2014-3887",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2014-3887",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2014-000069",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2017-07173",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-71827",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2014-3887",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-3887",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2014-000069",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-07173",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-743",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-71827",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07173"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71827"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000069"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-743"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3887"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.  NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713. RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary script may be executed on the user\u0027s web browser. I-ODATADEVICERockDisk is a network storage (NAS) device from I-ODATADEVICE, Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-3887"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000069"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-07173"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71827"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN74608669",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3887",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000096",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000069",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-743",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-07173",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-71827",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07173"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71827"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000069"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-743"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3887"
          }
        ]
      },
      "id": "VAR-201704-0456",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07173"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71827"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07173"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:43:05.697000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx"
          },
          {
            "title": "Patch for I-ODATADEVICERockDisk Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/94063"
          },
          {
            "title": "I-O DATA DEVICE RockDisk Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70221"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07173"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000069"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-743"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-71827"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000069"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3887"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://jvn.jp/en/jp/jvn74608669/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3887"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/jp/jvn74608669/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvndb.jvn.jp/en/contents/2013/jvndb-2013-000096.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3887"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07173"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71827"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000069"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-743"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3887"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07173"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71827"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000069"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-743"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3887"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-07173"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-71827"
          },
          {
            "date": "2014-07-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-000069"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-743"
          },
          {
            "date": "2017-04-13T17:59:00.277000",
            "db": "NVD",
            "id": "CVE-2014-3887"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-07173"
          },
          {
            "date": "2017-04-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-71827"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-000069"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-743"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2014-3887"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-743"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "I-O DATA DEVICE RockDisk Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07173"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-743"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-743"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0928

    Vulnerability from variot - Updated: 2025-04-20 23:40

    Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. WN-AC1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AC1167GR contains a stored cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user accesses a malicious URL while logged in, an arbitrary script may be executed on the user's web browser. I-O DATA WN-AC1167GR is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. IO DATA WN-AC1167GR is a wireless router produced by Japan IO DATA DEVICE company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0928",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wn-ac1167gr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.04"
          },
          {
            "model": "wn-ac1167gr",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.04"
          },
          {
            "model": "wn-ac1167gr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.04"
          },
          {
            "model": "wn-ac1167gr",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.04"
          },
          {
            "model": "data device wn-ac1167gr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "1.04"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04568"
          },
          {
            "db": "BID",
            "id": "97714"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000070"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1010"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2148"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:wn-ac1167gr_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000070"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc.",
        "sources": [
          {
            "db": "BID",
            "id": "97714"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1010"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-2148",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2017-2148",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 1.4,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000070",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:H/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 1.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.5,
                "id": "CNVD-2017-04568",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:A/AC:H/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-110351",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2017-2148",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000070",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-2148",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000070",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-04568",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-1010",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110351",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04568"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110351"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000070"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1010"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2148"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. WN-AC1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AC1167GR contains a stored cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user accesses a malicious URL while logged in, an arbitrary script may be executed on the user\u0027s web browser. I-O DATA WN-AC1167GR is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. IO DATA WN-AC1167GR is a wireless router produced by Japan IO DATA DEVICE company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2148"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000070"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04568"
          },
          {
            "db": "BID",
            "id": "97714"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110351"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2148",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVN01537659",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "97714",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000070",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1010",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04568",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110351",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04568"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110351"
          },
          {
            "db": "BID",
            "id": "97714"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000070"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1010"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2148"
          }
        ]
      },
      "id": "VAR-201704-0928",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04568"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110351"
          }
        ],
        "trust": 1.3875
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04568"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:40:09.833000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/wn-ac1167gr/"
          },
          {
            "title": "Patch for WN-AC1167GR Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/91864"
          },
          {
            "title": "I-O DATA WN-AC1167GR Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69715"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000070"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1010"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110351"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000070"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2148"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://jvn.jp/en/jp/jvn01537659/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/97714"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2017/wn-ac1167gr/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2148"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2148"
          },
          {
            "trust": 0.6,
            "url": "http://jvn.jp/en/jp/jvn01537659/"
          },
          {
            "trust": 0.3,
            "url": "http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04568"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110351"
          },
          {
            "db": "BID",
            "id": "97714"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000070"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1010"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2148"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04568"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110351"
          },
          {
            "db": "BID",
            "id": "97714"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000070"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1010"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2148"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04568"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110351"
          },
          {
            "date": "2017-04-14T00:00:00",
            "db": "BID",
            "id": "97714"
          },
          {
            "date": "2017-04-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000070"
          },
          {
            "date": "2017-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-1010"
          },
          {
            "date": "2017-04-28T16:59:01.887000",
            "db": "NVD",
            "id": "CVE-2017-2148"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04568"
          },
          {
            "date": "2017-05-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110351"
          },
          {
            "date": "2017-04-14T00:00:00",
            "db": "BID",
            "id": "97714"
          },
          {
            "date": "2017-06-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000070"
          },
          {
            "date": "2017-05-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-1010"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-2148"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1010"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WN-AC1167GR vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000070"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1010"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201707-0424

    Vulnerability from variot - Updated: 2025-04-20 23:38

    Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contains a cross-site request forgery vulnerability (CWE-352). Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. I-ODATATS-WPTCAM and so on are all network cameras from I-ODATADEVICE, Japan. A remote attacker could exploit this vulnerability to perform unauthorized operations. Other attacks are also possible. TS-WPTCAM2 firmware version 1.19 and prior. TS-PTCAM firmware version 1.19 and prior. TS-PTCAM/POE firmware version 1.19 and prior. TS-WLC2 firmware version 1.19 and prior. TS-WLCE firmware version 1.19 and prior. TS-WRLC firmware version 1.19 and prior

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0424",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts-wlc2 camera",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-wrlc camera",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-ptcam\\/poe camera",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-wptcam camera",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-ptcam camera",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-wptcam2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.01"
          },
          {
            "model": "ts-wlce camera",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-ptcam",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.19"
          },
          {
            "model": "ts-ptcam/poe",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.19"
          },
          {
            "model": "ts-wlc2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.19"
          },
          {
            "model": "ts-wlce",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.19"
          },
          {
            "model": "ts-wptcam",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.19"
          },
          {
            "model": "ts-wptcam2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.01"
          },
          {
            "model": "ts-wrlc",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.19"
          },
          {
            "model": "ts-wptcam",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.19"
          },
          {
            "model": "ts-ptcam",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "1.19"
          },
          {
            "model": "ts-ptcam/poe",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "1.19"
          },
          {
            "model": "ts-wlc2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "1.19"
          },
          {
            "model": "ts-wlce",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "1.19"
          },
          {
            "model": "ts-wrlc",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "1.19"
          },
          {
            "model": "ts-wptcam2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "1.01"
          },
          {
            "model": "ts-wptcam2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.01"
          },
          {
            "model": "ts-ptcam camera",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-wptcam camera",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-wrlc camera",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-wlce camera",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-ptcam\\/poe camera",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-wlc2 camera",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "data device inc ts-wrlc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "1.19"
          },
          {
            "model": "data device inc ts-wptcam2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "1.19"
          },
          {
            "model": "data device inc ts-wptcam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "1.19"
          },
          {
            "model": "data device inc ts-wlce",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "1.19"
          },
          {
            "model": "data device inc ts-wlc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "1.19"
          },
          {
            "model": "data device inc ts-ptcam/poe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "1.19"
          },
          {
            "model": "data device inc ts-ptcam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "1.19"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13901"
          },
          {
            "db": "BID",
            "id": "99144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000141"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-885"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2223"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam%2Fpoe_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wlc2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wlce_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wrlc_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000141"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Takayoshi Isayama",
        "sources": [
          {
            "db": "BID",
            "id": "99144"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-885"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-2223",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-2223",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000141",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-13901",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-110426",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-2223",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 7.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000141",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-2223",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000141",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-13901",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-885",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110426",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13901"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110426"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000141"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-885"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2223"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contains a cross-site request forgery vulnerability (CWE-352). Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. I-ODATATS-WPTCAM and so on are all network cameras from I-ODATADEVICE, Japan. A remote attacker could exploit this vulnerability to perform unauthorized operations. Other attacks are also possible. \nTS-WPTCAM2 firmware version 1.19 and prior. \nTS-PTCAM firmware version 1.19 and prior. \nTS-PTCAM/POE firmware version 1.19 and prior. \nTS-WLC2 firmware version 1.19 and prior. \nTS-WLCE firmware version 1.19 and prior. \nTS-WRLC firmware version 1.19 and prior",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2223"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000141"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-13901"
          },
          {
            "db": "BID",
            "id": "99144"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110426"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2223",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVN65411235",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "99144",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000141",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-885",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-13901",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110426",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13901"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110426"
          },
          {
            "db": "BID",
            "id": "99144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000141"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-885"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2223"
          }
        ]
      },
      "id": "VAR-201707-0424",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13901"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110426"
          }
        ],
        "trust": 1.4956070953846154
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13901"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:38:29.149000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/camera201706/"
          },
          {
            "title": "Patches for cross-site request forgery vulnerabilities for multiple I-ODATANetworkCamera products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/97864"
          },
          {
            "title": "Multiple I-O DATA Network Camera Repair measures for product cross-site request forgery vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71129"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13901"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000141"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-885"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110426"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000141"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2223"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://jvn.jp/en/jp/jvn65411235/index.html"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/99144"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2017/camera201706/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2223"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2223"
          },
          {
            "trust": 0.6,
            "url": "http://jvn.jp/en/jp/jvn65411235/"
          },
          {
            "trust": 0.3,
            "url": "http://www.iodata.jp/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13901"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110426"
          },
          {
            "db": "BID",
            "id": "99144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000141"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-885"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2223"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13901"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110426"
          },
          {
            "db": "BID",
            "id": "99144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000141"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-885"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2223"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-13901"
          },
          {
            "date": "2017-07-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110426"
          },
          {
            "date": "2017-06-20T00:00:00",
            "db": "BID",
            "id": "99144"
          },
          {
            "date": "2017-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000141"
          },
          {
            "date": "2017-06-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-885"
          },
          {
            "date": "2017-07-07T13:29:00.740000",
            "db": "NVD",
            "id": "CVE-2017-2223"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-13901"
          },
          {
            "date": "2017-07-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110426"
          },
          {
            "date": "2017-06-20T00:00:00",
            "db": "BID",
            "id": "99144"
          },
          {
            "date": "2018-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000141"
          },
          {
            "date": "2017-07-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-885"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-2223"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-885"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple I-O DATA network camera products vulnerable to cross-site request forgery",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000141"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-885"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0925

    Vulnerability from variot - Updated: 2025-04-20 23:36

    Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. WN-G300R3 provided by I-O DATA DEVICE, INC. contain a stack based buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. The WN-G300R3 is a wireless LAN router device from I-ODATADEVICE

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0925",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wn-g300r3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.03"
          },
          {
            "model": "wn-g300r3",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "ver.1.03"
          },
          {
            "model": "wn-g300r3",
            "scope": null,
            "trust": 0.6,
            "vendor": "i o data device",
            "version": null
          },
          {
            "model": "wn-g300r3",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.03"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04290"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000060"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-100"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2142"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:wn-g300r3_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000060"
          }
        ]
      },
      "cve": "CVE-2017-2142",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-2142",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000060",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2017-04290",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-110345",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-2142",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000060",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-2142",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000060",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-04290",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201705-100",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110345",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04290"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110345"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000060"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-100"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2142"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. WN-G300R3 provided by I-O DATA DEVICE, INC. contain a stack based buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. The WN-G300R3 is a wireless LAN router device from I-ODATADEVICE",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000060"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04290"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110345"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN81024552",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2142",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000060",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-100",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04290",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110345",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04290"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110345"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000060"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-100"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2142"
          }
        ]
      },
      "id": "VAR-201704-0925",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04290"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110345"
          }
        ],
        "trust": 1.2833333
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04290"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:36:55.511000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
          },
          {
            "title": "WN-G300R3 Stack Buffer Overflow Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/91703"
          },
          {
            "title": "I-O DATA WN-G300R3 Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69775"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04290"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000060"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-100"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110345"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000060"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2142"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://jvn.jp/en/jp/jvn81024552/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2142"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2142"
          },
          {
            "trust": 0.6,
            "url": "http://jvn.jp/en/jp/jvn81024552/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04290"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110345"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000060"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-100"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2142"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04290"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110345"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000060"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-100"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2142"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04290"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110345"
          },
          {
            "date": "2017-04-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000060"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-100"
          },
          {
            "date": "2017-04-28T16:59:01.777000",
            "db": "NVD",
            "id": "CVE-2017-2142"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04290"
          },
          {
            "date": "2017-05-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110345"
          },
          {
            "date": "2017-06-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000060"
          },
          {
            "date": "2017-05-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-100"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-2142"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-100"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WN-G300R3 vulnerable to stack based buffer overflow",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000060"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-100"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0924

    Vulnerability from variot - Updated: 2025-04-20 23:36

    WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. WN-G300R3 provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. The WN-G300R3 is a wireless LAN router device from I-ODATADEVICE. There is a security vulnerability in IO DATA WN-G300R3 devices using firmware version 1.03 and earlier

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0924",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wn-g300r3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.03"
          },
          {
            "model": "wn-g300r3",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "ver.1.03"
          },
          {
            "model": "wn-g300r3",
            "scope": null,
            "trust": 0.6,
            "vendor": "i o data device",
            "version": null
          },
          {
            "model": "wn-g300r3",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.03"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04291"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000059"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-101"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2141"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:wn-g300r3_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000059"
          }
        ]
      },
      "cve": "CVE-2017-2141",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2017-2141",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000059",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "CNVD-2017-04291",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-110344",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2017-2141",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000059",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-2141",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000059",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-04291",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201705-101",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110344",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04291"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110344"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000059"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-101"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2141"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. WN-G300R3 provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. The WN-G300R3 is a wireless LAN router device from I-ODATADEVICE. There is a security vulnerability in IO DATA WN-G300R3 devices using firmware version 1.03 and earlier",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000059"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04291"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110344"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2141",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVN81024552",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000059",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-101",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04291",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110344",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04291"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110344"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000059"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-101"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2141"
          }
        ]
      },
      "id": "VAR-201704-0924",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04291"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110344"
          }
        ],
        "trust": 1.2833333
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04291"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:36:55.481000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
          },
          {
            "title": "WN-G300R3OS command injection vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/91704"
          },
          {
            "title": "I-O DATA WN-G300R3 Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69776"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04291"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000059"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-101"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110344"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000059"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2141"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://jvn.jp/en/jp/jvn81024552/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2141"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2141"
          },
          {
            "trust": 0.6,
            "url": "http://jvn.jp/en/jp/jvn81024552/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04291"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110344"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000059"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-101"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2141"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04291"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110344"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000059"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-101"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2141"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04291"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110344"
          },
          {
            "date": "2017-04-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000059"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-101"
          },
          {
            "date": "2017-04-28T16:59:01.747000",
            "db": "NVD",
            "id": "CVE-2017-2141"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04291"
          },
          {
            "date": "2017-05-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110344"
          },
          {
            "date": "2017-06-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000059"
          },
          {
            "date": "2017-05-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-101"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-2141"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-101"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WN-G300R3 vulnerable to OS command injection",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000059"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-101"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-0811

    Vulnerability from variot - Updated: 2025-04-20 23:35

    WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. WN-G300R31 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 uses hard-coded credentials (CWE-798). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. A hard-coded credential vulnerability exists in I-ODATADEVICEWN-G300R3 with firmware version 1.0.2 and earlier. The vulnerability stems from the fact that the program uses a hard-coded certificate

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0811",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wn-g300r3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.0.2"
          },
          {
            "model": "wn-g300r3",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.0.2"
          },
          {
            "model": "wn-g300r3",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.0.2"
          },
          {
            "model": "wn-g300r3",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.0.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000188"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-081"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2283"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:wn-g300r3_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000188"
          }
        ]
      },
      "cve": "CVE-2017-2283",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2017-2283",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 8.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000188",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2017-20140",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "VHN-110486",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2017-2283",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000188",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-2283",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000188",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-20140",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-081",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110486",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20140"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000188"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-081"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2283"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. WN-G300R31 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 uses hard-coded credentials (CWE-798). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. A hard-coded credential vulnerability exists in I-ODATADEVICEWN-G300R3 with firmware version 1.0.2 and earlier. The vulnerability stems from the fact that the program uses a hard-coded certificate",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000188"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-20140"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110486"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2283",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVN51410509",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000188",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-081",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-20140",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110486",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20140"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000188"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-081"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2283"
          }
        ]
      },
      "id": "VAR-201708-0811",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20140"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110486"
          }
        ],
        "trust": 1.2833333
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20140"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:35:47.568000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
          },
          {
            "title": "I-ODATADEVICEWN-G300R3 hardcoded certificate vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/99807"
          },
          {
            "title": "I-O DATA DEVICE WN-G300R3 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72355"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000188"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-081"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000188"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2283"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://jvn.jp/en/jp/jvn51410509/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2283"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2283"
          },
          {
            "trust": 0.6,
            "url": "http://jvn.jp/en/jp/jvn51410509/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20140"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000188"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-081"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2283"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20140"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000188"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-081"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2283"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-20140"
          },
          {
            "date": "2017-08-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110486"
          },
          {
            "date": "2017-07-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000188"
          },
          {
            "date": "2017-08-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-081"
          },
          {
            "date": "2017-08-02T16:29:00.487000",
            "db": "NVD",
            "id": "CVE-2017-2283"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-20140"
          },
          {
            "date": "2017-08-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110486"
          },
          {
            "date": "2018-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000188"
          },
          {
            "date": "2017-08-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-081"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-2283"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-081"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "I-O DATA WN-G300R31 uses hard-coded credentials",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000188"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-081"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201706-0090

    Vulnerability from variot - Updated: 2025-04-20 23:32

    I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain an information disclosure vulnerability (CWE-200). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Information such as authentication credentials may be disclosed by an attacker who can access the product. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0090",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts-wrla",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.00.01"
          },
          {
            "model": "ts-wrlp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.00.01"
          },
          {
            "model": "ts-wrla",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.00.01"
          },
          {
            "model": "ts-wrlp",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.00.01"
          },
          {
            "model": "data ts-wrlp",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o",
            "version": "\u003c=1.00.01"
          },
          {
            "model": "data ts-wrla",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o",
            "version": "\u003c=1.00.01"
          },
          {
            "model": "ts-wrla",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.00.01"
          },
          {
            "model": "ts-wrlp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.00.01"
          },
          {
            "model": "data device ts-wrlp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "1.0.1"
          },
          {
            "model": "data device ts-wrla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "1.0.1"
          },
          {
            "model": "data device ts-wrlp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "i o",
            "version": "1.1.2"
          },
          {
            "model": "data device ts-wrla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "i o",
            "version": "1.1.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11326"
          },
          {
            "db": "BID",
            "id": "94250"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000221"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-354"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7814"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:ts-wrla",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:ts-wrlp",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000221"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions",
        "sources": [
          {
            "db": "BID",
            "id": "94250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-354"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-7814",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-7814",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 3.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000221",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-11326",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-96634",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-7814",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000221",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-7814",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-000221",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-11326",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201611-354",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-96634",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11326"
          },
          {
            "db": "VULHUB",
            "id": "VHN-96634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000221"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-354"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7814"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain an information disclosure vulnerability (CWE-200). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Information such as authentication credentials may be disclosed by an attacker who can access the product. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-7814"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000221"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11326"
          },
          {
            "db": "BID",
            "id": "94250"
          },
          {
            "db": "VULHUB",
            "id": "VHN-96634"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-7814",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVN34103586",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "94250",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000221",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11326",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-354",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-96634",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11326"
          },
          {
            "db": "VULHUB",
            "id": "VHN-96634"
          },
          {
            "db": "BID",
            "id": "94250"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000221"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-354"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7814"
          }
        ]
      },
      "id": "VAR-201706-0090",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11326"
          },
          {
            "db": "VULHUB",
            "id": "VHN-96634"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11326"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:32:53.834000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2016/ts-wrlap/"
          },
          {
            "title": "Patches for multiple I-ODATANetworkCamera product information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/84086"
          },
          {
            "title": "I-O DATA Network camera Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65715"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11326"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000221"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-354"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000221"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7814"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://jvn.jp/en/jp/jvn34103586/index.html"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/94250"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2016/ts-wrlap/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7814"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7814"
          },
          {
            "trust": 0.3,
            "url": "http://www.iodata.jp/"
          },
          {
            "trust": 0.3,
            "url": "http://jvn.jp/en/jp/jvn34103586/index.html jvn#34103586 "
          },
          {
            "trust": 0.3,
            "url": "http://www.iodata.jp/support/information/2016/ts-wrlap/ "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11326"
          },
          {
            "db": "VULHUB",
            "id": "VHN-96634"
          },
          {
            "db": "BID",
            "id": "94250"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000221"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-354"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7814"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11326"
          },
          {
            "db": "VULHUB",
            "id": "VHN-96634"
          },
          {
            "db": "BID",
            "id": "94250"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000221"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-354"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7814"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-11-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-11326"
          },
          {
            "date": "2017-06-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-96634"
          },
          {
            "date": "2016-11-11T00:00:00",
            "db": "BID",
            "id": "94250"
          },
          {
            "date": "2016-11-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000221"
          },
          {
            "date": "2016-11-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-354"
          },
          {
            "date": "2017-06-09T16:29:00.720000",
            "db": "NVD",
            "id": "CVE-2016-7814"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-11-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-11326"
          },
          {
            "date": "2017-06-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-96634"
          },
          {
            "date": "2016-11-24T01:09:00",
            "db": "BID",
            "id": "94250"
          },
          {
            "date": "2018-01-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000221"
          },
          {
            "date": "2017-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-354"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-7814"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-354"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple I-O DATA network camera products vulnerable to information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000221"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-354"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201706-0083

    Vulnerability from variot - Updated: 2025-04-20 23:29

    I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains command injection vulnerability in "Pocket Router Function". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. WFS-SR01 firmware version 1.10 and prior versions are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0083",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wfs-sr01",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.10"
          },
          {
            "model": "wfs-sr01",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.10"
          },
          {
            "model": "wfs-sr01",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.10"
          },
          {
            "model": "wfs-sr01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o data device",
            "version": "1.10"
          },
          {
            "model": "wfs-sr01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o data device",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "94089"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000214"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-017"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7806"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wfs-sr01",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000214"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported the issue.",
        "sources": [
          {
            "db": "BID",
            "id": "94089"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-7806",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-7806",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000214",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-96626",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-7806",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "Low",
                "baseScore": 7.3,
                "baseSeverity": "High",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000214",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-7806",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-000214",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201611-017",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-96626",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-7806",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96626"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-7806"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000214"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-017"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7806"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains command injection vulnerability in \"Pocket Router Function\". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. \nWFS-SR01 firmware version 1.10 and prior versions are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-7806"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000214"
          },
          {
            "db": "BID",
            "id": "94089"
          },
          {
            "db": "VULHUB",
            "id": "VHN-96626"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-7806"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-7806",
            "trust": 2.9
          },
          {
            "db": "JVN",
            "id": "JVN18228200",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "94089",
            "trust": 2.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000214",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-017",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-96626",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-7806",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96626"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-7806"
          },
          {
            "db": "BID",
            "id": "94089"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000214"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-017"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7806"
          }
        ]
      },
      "id": "VAR-201706-0083",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96626"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:29:41.524000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/wfssr01/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000214"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-nocwe",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96626"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000214"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7806"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://jvn.jp/en/jp/jvn18228200/index.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/94089"
          },
          {
            "trust": 1.8,
            "url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7806"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7806"
          },
          {
            "trust": 0.3,
            "url": "http://www.iodata.jp/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96626"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-7806"
          },
          {
            "db": "BID",
            "id": "94089"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000214"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-017"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7806"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-96626"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-7806"
          },
          {
            "db": "BID",
            "id": "94089"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000214"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-017"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7806"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-96626"
          },
          {
            "date": "2017-06-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-7806"
          },
          {
            "date": "2016-11-02T00:00:00",
            "db": "BID",
            "id": "94089"
          },
          {
            "date": "2016-11-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000214"
          },
          {
            "date": "2016-11-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-017"
          },
          {
            "date": "2017-06-09T16:29:00.487000",
            "db": "NVD",
            "id": "CVE-2016-7806"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-96626"
          },
          {
            "date": "2017-06-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-7806"
          },
          {
            "date": "2016-11-24T01:07:00",
            "db": "BID",
            "id": "94089"
          },
          {
            "date": "2017-11-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000214"
          },
          {
            "date": "2017-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-017"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-7806"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-017"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Command injection vulnerability in WFS-SR01",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000214"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-017"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201706-0084

    Vulnerability from variot - Updated: 2025-04-20 23:29

    I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains access restriction bypass vulnerability in "Pocket Router Function". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. Attackers can exploit these issues to execute remote command or to bypass certain security restrictions and perform unauthorized actions. WFS-SR01 firmware version 1.10 and prior versions are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0084",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wfs-sr01",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.10"
          },
          {
            "model": "wfs-sr01",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.10"
          },
          {
            "model": "wfs-sr01",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.10"
          },
          {
            "model": "wfs-sr01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o data device",
            "version": "1.10"
          },
          {
            "model": "wfs-sr01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o data device",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "94089"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000215"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-018"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7807"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wfs-sr01",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000215"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported the issue.",
        "sources": [
          {
            "db": "BID",
            "id": "94089"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-7807",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-7807",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000215",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-96627",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-7807",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "Low",
                "baseScore": 7.3,
                "baseSeverity": "High",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000215",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-7807",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-000215",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201611-018",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-96627",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96627"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000215"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-018"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7807"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains access restriction bypass vulnerability in \"Pocket Router Function\". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. \nAttackers   can exploit these issues to execute  remote command or to  bypass certain security restrictions and perform unauthorized actions. \nWFS-SR01 firmware version 1.10 and prior versions are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-7807"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000215"
          },
          {
            "db": "BID",
            "id": "94089"
          },
          {
            "db": "VULHUB",
            "id": "VHN-96627"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-7807",
            "trust": 2.8
          },
          {
            "db": "JVN",
            "id": "JVN18228200",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "94089",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000215",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-018",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-96627",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96627"
          },
          {
            "db": "BID",
            "id": "94089"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000215"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-018"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7807"
          }
        ]
      },
      "id": "VAR-201706-0084",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96627"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:29:41.493000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/wfssr01/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000215"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-nocwe",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96627"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000215"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7807"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://jvn.jp/en/jp/jvn18228200/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/94089"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7807"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7807"
          },
          {
            "trust": 0.3,
            "url": "http://www.iodata.jp/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96627"
          },
          {
            "db": "BID",
            "id": "94089"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000215"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-018"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7807"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-96627"
          },
          {
            "db": "BID",
            "id": "94089"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000215"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-018"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7807"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-96627"
          },
          {
            "date": "2016-11-02T00:00:00",
            "db": "BID",
            "id": "94089"
          },
          {
            "date": "2016-11-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000215"
          },
          {
            "date": "2016-11-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-018"
          },
          {
            "date": "2017-06-09T16:29:00.517000",
            "db": "NVD",
            "id": "CVE-2016-7807"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-96627"
          },
          {
            "date": "2016-11-24T01:07:00",
            "db": "BID",
            "id": "94089"
          },
          {
            "date": "2017-11-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000215"
          },
          {
            "date": "2017-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-018"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-7807"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-018"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Access restriction bypass vulnerability in WFS-SR01",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000215"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-018"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0037

    Vulnerability from variot - Updated: 2025-04-20 23:29

    I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors. contains a denial-of-service (DoS) vulnerability (CWE-119) due to a flaw in processing certain packets. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Receiving a specially crafted packet may result in a denial-of-service (DoS) condition. An attacker could exploit this vulnerability to cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0037",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "lan disk connect",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "2.02"
          },
          {
            "model": "lan disk connect",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "ver2.02"
          },
          {
            "model": "lan disk connect",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "2.02"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000233"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-387"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-10875"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:lan_disk_connect",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000233"
          }
        ]
      },
      "cve": "CVE-2017-10875",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-10875",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 3.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000233",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-101241",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-10875",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "Low",
                "baseScore": 3.5,
                "baseSeverity": "Low",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000233",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-10875",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000233",
                "trust": 0.8,
                "value": "Low"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-387",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-101241",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101241"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000233"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-387"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-10875"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors. contains a denial-of-service (DoS) vulnerability (CWE-119) due to a flaw in processing certain packets. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Receiving a specially crafted packet may result in a denial-of-service (DoS) condition. An attacker could exploit this vulnerability to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-10875"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000233"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101241"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-10875",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVN87886530",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000233",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-387",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-101241",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101241"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000233"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-387"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-10875"
          }
        ]
      },
      "id": "VAR-201711-0037",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101241"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:29:32.281000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/ld-connect/"
          },
          {
            "title": "I-O DATA DEVICE LAN DISK Connect Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76255"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000233"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-387"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101241"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000233"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-10875"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://jvn.jp/en/jp/jvn87886530/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2017/ld-connect/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10875"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10875"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101241"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000233"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-387"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-10875"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-101241"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000233"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-387"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-10875"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101241"
          },
          {
            "date": "2017-11-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000233"
          },
          {
            "date": "2017-11-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-387"
          },
          {
            "date": "2017-11-13T14:29:00.650000",
            "db": "NVD",
            "id": "CVE-2017-10875"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101241"
          },
          {
            "date": "2018-03-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000233"
          },
          {
            "date": "2017-11-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-387"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-10875"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-387"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "I-O DATA LAN DISK Connect vulnerable to denial-of-service (DoS)",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000233"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-387"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0948

    Vulnerability from variot - Updated: 2025-04-20 23:27

    TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. A remote unauthenticated attacker may execute an arbitrary OS command on the product. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. Remote attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions or to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website. IO DATA TS-WLC2 etc

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0948",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts-wptcam2",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "1.00"
          },
          {
            "model": "ts-wlce",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wptcam",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wrlc",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.17"
          },
          {
            "model": "ts-ptcam\\/poe",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-ptcam",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wlc2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wrlc",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "iodata",
            "version": "1.17"
          },
          {
            "model": "ts-wptcam",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wlce",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-ptcam",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.18"
          },
          {
            "model": "ts-ptcam/poe",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.18"
          },
          {
            "model": "ts-wlc2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.18"
          },
          {
            "model": "ts-wlce",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.18"
          },
          {
            "model": "ts-wptcam",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.18"
          },
          {
            "model": "ts-wptcam2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.00"
          },
          {
            "model": "ts-wrlc",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.17"
          },
          {
            "model": "ts-ptcam",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.18"
          },
          {
            "model": "ts-ptcam/poe",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.18"
          },
          {
            "model": "ts-wlc2",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.18"
          },
          {
            "model": "ts-wlce",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.18"
          },
          {
            "model": "ts-wptcam",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.18"
          },
          {
            "model": "ts-wptcam2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "1.00"
          },
          {
            "model": "ts-wrlc",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.17"
          },
          {
            "model": "ts-ptcam\\/poe",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-ptcam",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wlc2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wptcam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "21.00"
          },
          {
            "model": "ts-wlc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "21.18"
          },
          {
            "model": "ts-wrlc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-wptcam",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "21.01"
          },
          {
            "model": "ts-wptcam",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-wlce",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-wlc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "21.19"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02696"
          },
          {
            "db": "BID",
            "id": "96620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000040"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2112"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam%2Fpoe_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wlc2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wlce_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wrlc_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000040"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc.",
        "sources": [
          {
            "db": "BID",
            "id": "96620"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-2112",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2017-2112",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000040",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2017-02696",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "VHN-110315",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-2112",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000040",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-2112",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000040",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-02696",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-087",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110315",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02696"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000040"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2112"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. A remote unauthenticated attacker may execute an arbitrary OS command on the product. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. \nRemote attackers can exploit these issues to  execute arbitrary code,  cause  denial-of-service conditions or to insert a  crafted HTTP header  into an HTTP response that could cause a web page  redirection to a  possible malicious website. IO DATA TS-WLC2 etc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2112"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000040"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02696"
          },
          {
            "db": "BID",
            "id": "96620"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110315"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2112",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVN46830433",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000040",
            "trust": 2.0
          },
          {
            "db": "BID",
            "id": "96620",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-087",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02696",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110315",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02696"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110315"
          },
          {
            "db": "BID",
            "id": "96620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000040"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2112"
          }
        ]
      },
      "id": "VAR-201704-0948",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02696"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110315"
          }
        ],
        "trust": 1.3627042399999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02696"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:27:26.155000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/camera201702/"
          },
          {
            "title": "Patches for multiple I-ODATAnetworkcamera command injection vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/90468"
          },
          {
            "title": "Multiple I-O DATA network camera Fixes for command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67989"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000040"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-087"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000040"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2112"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://jvn.jp/en/jp/jvn46830433/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2017/camera201702/"
          },
          {
            "trust": 1.2,
            "url": "http://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000040.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/96620"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2112"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2112"
          },
          {
            "trust": 0.3,
            "url": "http://www.iodata.jp/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02696"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110315"
          },
          {
            "db": "BID",
            "id": "96620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000040"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2112"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02696"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110315"
          },
          {
            "db": "BID",
            "id": "96620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000040"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2112"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02696"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110315"
          },
          {
            "date": "2017-03-02T00:00:00",
            "db": "BID",
            "id": "96620"
          },
          {
            "date": "2017-03-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000040"
          },
          {
            "date": "2017-03-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-087"
          },
          {
            "date": "2017-04-28T16:59:01.077000",
            "db": "NVD",
            "id": "CVE-2017-2112"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02696"
          },
          {
            "date": "2017-05-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110315"
          },
          {
            "date": "2017-03-16T00:01:00",
            "db": "BID",
            "id": "96620"
          },
          {
            "date": "2017-06-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000040"
          },
          {
            "date": "2017-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-087"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-2112"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-087"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple I-O DATA network camera products vulnerable to OS command injection",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000040"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-087"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0947

    Vulnerability from variot - Updated: 2025-04-20 23:27

    HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information. Multiple network camera products provided by I-O DATA DEVICE, INC. contain a HTTP header injection vulnerability. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Forged information may be displayed on the logged-in user's web browser by exploiting HTTP response splitting. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. Remote attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions or to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website. IO DATA TS-WLC2 etc

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0947",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts-wptcam2",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "1.00"
          },
          {
            "model": "ts-wlce",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wptcam",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wrlc",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.17"
          },
          {
            "model": "ts-ptcam\\/poe",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-ptcam",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wlc2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wrlc",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "iodata",
            "version": "1.17"
          },
          {
            "model": "ts-wptcam",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wlce",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-ptcam",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.18"
          },
          {
            "model": "ts-ptcam/poe",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.18"
          },
          {
            "model": "ts-wlc2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.18"
          },
          {
            "model": "ts-wlce",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.18"
          },
          {
            "model": "ts-wptcam",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.18"
          },
          {
            "model": "ts-wptcam2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.00"
          },
          {
            "model": "ts-wrlc",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.17"
          },
          {
            "model": "ts-ptcam",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.18"
          },
          {
            "model": "ts-ptcam/poe",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.18"
          },
          {
            "model": "ts-wlc2",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.18"
          },
          {
            "model": "ts-wlce",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.18"
          },
          {
            "model": "ts-wptcam",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.18"
          },
          {
            "model": "ts-wptcam2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "1.00"
          },
          {
            "model": "ts-wrlc",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.17"
          },
          {
            "model": "ts-ptcam\\/poe",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-ptcam",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wlc2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wptcam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "21.00"
          },
          {
            "model": "ts-wlc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "21.18"
          },
          {
            "model": "ts-wrlc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-wptcam",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "21.01"
          },
          {
            "model": "ts-wptcam",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-wlce",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-wlc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "21.19"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02674"
          },
          {
            "db": "BID",
            "id": "96620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-086"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2111"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam%2Fpoe_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wlc2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wlce_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wrlc_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000039"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc.",
        "sources": [
          {
            "db": "BID",
            "id": "96620"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-2111",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-2111",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 2.6,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000039",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2017-02674",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-110314",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-2111",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.7,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000039",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-2111",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000039",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-02674",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-086",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110314",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02674"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110314"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-086"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2111"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information. Multiple network camera products provided by I-O DATA DEVICE, INC. contain a HTTP header injection vulnerability. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Forged information may be displayed on the logged-in user\u0027s web browser by exploiting HTTP response splitting. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. \nRemote attackers can exploit these issues to  execute arbitrary code,  cause  denial-of-service conditions or to insert a  crafted HTTP header  into an HTTP response that could cause a web page  redirection to a  possible malicious website. IO DATA TS-WLC2 etc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2111"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000039"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02674"
          },
          {
            "db": "BID",
            "id": "96620"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110314"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2111",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVN46830433",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000039",
            "trust": 2.0
          },
          {
            "db": "BID",
            "id": "96620",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-086",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02674",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110314",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02674"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110314"
          },
          {
            "db": "BID",
            "id": "96620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-086"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2111"
          }
        ]
      },
      "id": "VAR-201704-0947",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02674"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110314"
          }
        ],
        "trust": 1.3627042399999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02674"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:27:26.119000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/camera201702/"
          },
          {
            "title": "Patches for multiple I-ODATAnetworkcameraHTTP header injection vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/90445"
          },
          {
            "title": "Multiple I-O DATA network camera Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67990"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02674"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-086"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-93",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110314"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000039"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2111"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://jvn.jp/en/jp/jvn46830433/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2017/camera201702/"
          },
          {
            "trust": 1.2,
            "url": "http://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000039.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/96620"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2111"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2111"
          },
          {
            "trust": 0.3,
            "url": "http://www.iodata.jp/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02674"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110314"
          },
          {
            "db": "BID",
            "id": "96620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-086"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2111"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02674"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110314"
          },
          {
            "db": "BID",
            "id": "96620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-086"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2111"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02674"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110314"
          },
          {
            "date": "2017-03-02T00:00:00",
            "db": "BID",
            "id": "96620"
          },
          {
            "date": "2017-03-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000039"
          },
          {
            "date": "2017-03-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-086"
          },
          {
            "date": "2017-04-28T16:59:01.043000",
            "db": "NVD",
            "id": "CVE-2017-2111"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02674"
          },
          {
            "date": "2017-05-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110314"
          },
          {
            "date": "2017-03-16T00:01:00",
            "db": "BID",
            "id": "96620"
          },
          {
            "date": "2017-06-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000039"
          },
          {
            "date": "2017-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-086"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-2111"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-086"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple I-O DATA network camera products vulnerable to HTTP header injection",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000039"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-086"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0949

    Vulnerability from variot - Updated: 2025-04-20 23:27

    Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain a Buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may execute an arbitrary OS command on the product. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. Remote attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions or to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website. IO DATA TS-WLC2 etc

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0949",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts-wptcam2",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "1.00"
          },
          {
            "model": "ts-wlce",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wptcam",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wrlc",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.17"
          },
          {
            "model": "ts-ptcam\\/poe",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-ptcam",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wlc2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wrlc",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "iodata",
            "version": "1.17"
          },
          {
            "model": "ts-wptcam",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wlce",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-ptcam",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.18"
          },
          {
            "model": "ts-ptcam/poe",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.18"
          },
          {
            "model": "ts-wlc2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.18"
          },
          {
            "model": "ts-wlce",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.18"
          },
          {
            "model": "ts-wptcam",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.18"
          },
          {
            "model": "ts-wptcam2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.00"
          },
          {
            "model": "ts-wrlc",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.17"
          },
          {
            "model": "ts-ptcam",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.18"
          },
          {
            "model": "ts-ptcam/poe",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.18"
          },
          {
            "model": "ts-wlc2",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.18"
          },
          {
            "model": "ts-wlce",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.18"
          },
          {
            "model": "ts-wptcam",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.18"
          },
          {
            "model": "ts-wptcam2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "1.00"
          },
          {
            "model": "ts-wrlc",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.17"
          },
          {
            "model": "ts-ptcam\\/poe",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-ptcam",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wlc2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.18"
          },
          {
            "model": "ts-wptcam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "21.00"
          },
          {
            "model": "ts-wlc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "21.18"
          },
          {
            "model": "ts-wrlc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-wptcam",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "21.01"
          },
          {
            "model": "ts-wptcam",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-wlce",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "1.19"
          },
          {
            "model": "ts-wlc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "iodata",
            "version": "21.19"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02695"
          },
          {
            "db": "BID",
            "id": "96620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000041"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-088"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2113"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam%2Fpoe_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wlc2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wlce_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wrlc_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000041"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc.",
        "sources": [
          {
            "db": "BID",
            "id": "96620"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-2113",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2017-2113",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000041",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2017-02695",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "VHN-110316",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-2113",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000041",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-2113",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000041",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-02695",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-088",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110316",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02695"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000041"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-088"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2113"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain a Buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may execute an arbitrary OS command on the product. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. \nRemote attackers can exploit these issues to  execute arbitrary code,  cause  denial-of-service conditions or to insert a  crafted HTTP header  into an HTTP response that could cause a web page  redirection to a  possible malicious website. IO DATA TS-WLC2 etc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2113"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000041"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02695"
          },
          {
            "db": "BID",
            "id": "96620"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110316"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2113",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVN46830433",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000041",
            "trust": 2.0
          },
          {
            "db": "BID",
            "id": "96620",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-088",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02695",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110316",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02695"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110316"
          },
          {
            "db": "BID",
            "id": "96620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000041"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-088"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2113"
          }
        ]
      },
      "id": "VAR-201704-0949",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02695"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110316"
          }
        ],
        "trust": 1.3627042399999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02695"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:27:26.084000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/camera201702/"
          },
          {
            "title": "Patches for multiple I-ODATAnetworkcamera buffer overflow vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/90473"
          },
          {
            "title": "Multiple I-O DATA network camera Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67988"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000041"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-088"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000041"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2113"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://jvn.jp/en/jp/jvn46830433/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2017/camera201702/"
          },
          {
            "trust": 1.2,
            "url": "http://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000041.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/96620"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2113"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2113"
          },
          {
            "trust": 0.3,
            "url": "http://www.iodata.jp/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02695"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110316"
          },
          {
            "db": "BID",
            "id": "96620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000041"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-088"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2113"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02695"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110316"
          },
          {
            "db": "BID",
            "id": "96620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000041"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-088"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2113"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02695"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110316"
          },
          {
            "date": "2017-03-02T00:00:00",
            "db": "BID",
            "id": "96620"
          },
          {
            "date": "2017-03-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000041"
          },
          {
            "date": "2017-03-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-088"
          },
          {
            "date": "2017-04-28T16:59:01.107000",
            "db": "NVD",
            "id": "CVE-2017-2113"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02695"
          },
          {
            "date": "2017-05-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110316"
          },
          {
            "date": "2017-03-16T00:01:00",
            "db": "BID",
            "id": "96620"
          },
          {
            "date": "2017-06-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000041"
          },
          {
            "date": "2017-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-088"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-2113"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-088"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple I-O DATA network camera products vulnerable to buffer overflow",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000041"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-088"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201706-0095

    Vulnerability from variot - Updated: 2025-04-20 23:23

    Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed or a denial-of-service (DoS) condition may be caused. Attackers may leverage these issues to execute arbitrary code and commands in the context of the affected device. Failed exploits may result in denial-of-service conditions. The following products are affected : TS-WRLP firmware version 1.01.02 and prior. TS-WRLA firmware version 1.01.02 and prior

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0095",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts-wrla",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.01.02"
          },
          {
            "model": "ts-wrlp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.01.02"
          },
          {
            "model": "ts-wrlp",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "iodata",
            "version": "1.01.02"
          },
          {
            "model": "ts-wrla",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "iodata",
            "version": "1.01.02"
          },
          {
            "model": "ts-wrla",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.01.02"
          },
          {
            "model": "ts-wrlp",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.01.02"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "94594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000235"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-713"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7820"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:ts-wrla",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:ts-wrlp",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000235"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.",
        "sources": [
          {
            "db": "BID",
            "id": "94594"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-713"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-7820",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2016-7820",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000235",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-96640",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2016-7820",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000235",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-7820",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-000235",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201611-713",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-96640",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96640"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000235"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-713"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7820"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed or a denial-of-service (DoS) condition may be caused. \nAttackers may leverage these issues to execute arbitrary code and commands in the context of the affected device. Failed exploits may result in denial-of-service conditions. \nThe following products are affected :\nTS-WRLP firmware version 1.01.02 and prior. \nTS-WRLA firmware version 1.01.02 and prior",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-7820"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000235"
          },
          {
            "db": "BID",
            "id": "94594"
          },
          {
            "db": "VULHUB",
            "id": "VHN-96640"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN25059363",
            "trust": 2.8
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7820",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "94594",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000235",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-713",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-96640",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96640"
          },
          {
            "db": "BID",
            "id": "94594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000235"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-713"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7820"
          }
        ]
      },
      "id": "VAR-201706-0095",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96640"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:23:45.412000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2016/ts-wrlap_2/"
          },
          {
            "title": "I-O DATA DEVICE TS-WRLP  and TS-WRLA Buffer Overflow Vulnerability and Command Injection Vulnerability Fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65980"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000235"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-713"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96640"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000235"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7820"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://jvn.jp/en/jp/jvn25059363/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/94594"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2016/ts-wrlap_2/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7820"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7820"
          },
          {
            "trust": 0.3,
            "url": "www.iodata.jp/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96640"
          },
          {
            "db": "BID",
            "id": "94594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000235"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-713"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7820"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-96640"
          },
          {
            "db": "BID",
            "id": "94594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000235"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-713"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7820"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-96640"
          },
          {
            "date": "2016-11-30T00:00:00",
            "db": "BID",
            "id": "94594"
          },
          {
            "date": "2016-11-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000235"
          },
          {
            "date": "2016-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-713"
          },
          {
            "date": "2017-06-09T16:29:00.877000",
            "db": "NVD",
            "id": "CVE-2016-7820"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-96640"
          },
          {
            "date": "2016-12-20T01:04:00",
            "db": "BID",
            "id": "94594"
          },
          {
            "date": "2018-01-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000235"
          },
          {
            "date": "2017-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-713"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-7820"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-713"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple I-O DATA network camera products vulnerable to buffer overflow",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000235"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-713"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201706-0094

    Vulnerability from variot - Updated: 2025-04-20 23:23

    I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed. Attackers may leverage these issues to execute arbitrary code and commands in the context of the affected device. Failed exploits may result in denial-of-service conditions. The following products are affected : TS-WRLP firmware version 1.01.02 and prior. TS-WRLA firmware version 1.01.02 and prior

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0094",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts-wrla",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.01.02"
          },
          {
            "model": "ts-wrlp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.01.02"
          },
          {
            "model": "ts-wrlp",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "iodata",
            "version": "1.01.02"
          },
          {
            "model": "ts-wrla",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "iodata",
            "version": "1.01.02"
          },
          {
            "model": "ts-wrla",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.01.02"
          },
          {
            "model": "ts-wrlp",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.01.02"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "94594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000234"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-712"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7819"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:ts-wrla",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:ts-wrlp",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000234"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.",
        "sources": [
          {
            "db": "BID",
            "id": "94594"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-712"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-7819",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2016-7819",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000234",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-96639",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2016-7819",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000234",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-7819",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-000234",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201611-712",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-96639",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96639"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000234"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-712"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7819"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed. \nAttackers may leverage these issues to execute arbitrary code and commands in the context of the affected device. Failed exploits may result in denial-of-service conditions. \nThe following products are affected :\nTS-WRLP firmware version 1.01.02 and prior. \nTS-WRLA firmware version 1.01.02 and prior",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-7819"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000234"
          },
          {
            "db": "BID",
            "id": "94594"
          },
          {
            "db": "VULHUB",
            "id": "VHN-96639"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-7819",
            "trust": 2.8
          },
          {
            "db": "JVN",
            "id": "JVN25059363",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "94594",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000234",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-712",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-96639",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96639"
          },
          {
            "db": "BID",
            "id": "94594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000234"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-712"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7819"
          }
        ]
      },
      "id": "VAR-201706-0094",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96639"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:23:45.381000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2016/ts-wrlap_2/"
          },
          {
            "title": "I-O DATA DEVICE TS-WRLP  and TS-WRLA Buffer Overflow Vulnerability and Command Injection Vulnerability Fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65979"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000234"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-712"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96639"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000234"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7819"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://jvn.jp/en/jp/jvn25059363/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/94594"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2016/ts-wrlap_2/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7819"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7819"
          },
          {
            "trust": 0.3,
            "url": "www.iodata.jp/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96639"
          },
          {
            "db": "BID",
            "id": "94594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000234"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-712"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7819"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-96639"
          },
          {
            "db": "BID",
            "id": "94594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000234"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-712"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7819"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-96639"
          },
          {
            "date": "2016-11-30T00:00:00",
            "db": "BID",
            "id": "94594"
          },
          {
            "date": "2016-11-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000234"
          },
          {
            "date": "2016-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-712"
          },
          {
            "date": "2017-06-09T16:29:00.843000",
            "db": "NVD",
            "id": "CVE-2016-7819"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-96639"
          },
          {
            "date": "2016-12-20T01:04:00",
            "db": "BID",
            "id": "94594"
          },
          {
            "date": "2018-01-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000234"
          },
          {
            "date": "2017-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-712"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-7819"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-712"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple I-O DATA network camera products vulnerable to OS command injection",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000234"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-712"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-0808

    Vulnerability from variot - Updated: 2025-04-20 23:04

    WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. * Hard-coded credentials (CWE-798) - CVE-2017-2280 * OS command injection (CWE-78) - CVE-2017-2281 * Buffer overflow (CWE-119) - CVE-2017-2282 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. A buffer overflow vulnerability exists in WN-AX1167GR using firmware version 3.00 and earlier. An attacker could exploit this vulnerability to execute arbitrary commands

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0808",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wn-ax1167gr",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "3.00"
          },
          {
            "model": "wn-ax1167gr",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 3.00"
          },
          {
            "model": "wn-ax1167gr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=3.00"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-084"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2280"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-ax1167gr",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          }
        ]
      },
      "cve": "CVE-2017-2280",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2017-2280",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 8.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000185",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000185",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000185",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2017-20143",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "VHN-110483",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000185",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 1.6,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-2280",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000185",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2017-000185",
                "trust": 1.6,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-2280",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000185",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-20143",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-084",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110483",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-2280",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20143"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110483"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2280"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-084"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2280"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. * Hard-coded credentials (CWE-798) - CVE-2017-2280 * OS command injection (CWE-78) - CVE-2017-2281 * Buffer overflow (CWE-119) - CVE-2017-2282 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. A buffer overflow vulnerability exists in WN-AX1167GR using firmware version 3.00 and earlier. An attacker could exploit this vulnerability to execute arbitrary commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2280"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-20143"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110483"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2280"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN01312667",
            "trust": 3.2
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2280",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-084",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-20143",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110483",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2280",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20143"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110483"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2280"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-084"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2280"
          }
        ]
      },
      "id": "VAR-201708-0808",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20143"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110483"
          }
        ],
        "trust": 1.325
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20143"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:04:32.160000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/wn-ax1167gr/"
          },
          {
            "title": "Patch for I-ODATAWN-AX1167GR Buffer Overflow Vulnerability (CNVD-2017-20143)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/99811"
          },
          {
            "title": "I-O DATA DEVICE WN-AX1167GR Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72358"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-084"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-78",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110483"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2280"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://jvn.jp/en/jp/jvn01312667/index.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.iodata.jp/support/information/2017/wn-ax1167gr/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2280"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2281"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2282"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2280"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2281"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2282"
          },
          {
            "trust": 0.6,
            "url": "http://jvn.jp/en/jp/jvn01312667/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20143"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110483"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2280"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-084"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2280"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20143"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110483"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2280"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-084"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2280"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-20143"
          },
          {
            "date": "2017-08-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110483"
          },
          {
            "date": "2017-08-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2280"
          },
          {
            "date": "2017-07-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "date": "2017-08-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-084"
          },
          {
            "date": "2017-08-02T16:29:00.377000",
            "db": "NVD",
            "id": "CVE-2017-2280"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-20143"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110483"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2280"
          },
          {
            "date": "2018-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "date": "2017-08-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-084"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-2280"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-084"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in I-O DATA WN-AX1167GR",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-084"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-0809

    Vulnerability from variot - Updated: 2025-04-20 23:04

    WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. * Hard-coded credentials (CWE-798) - CVE-2017-2280 * OS command injection (CWE-78) - CVE-2017-2281 * Buffer overflow (CWE-119) - CVE-2017-2282 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute arbitrary code on the device - CVE-2017-2280 * A user with access to the affected device may execute an arbitrary command - CVE-2017-2281 * If a user views a specially crafted page while logged into the affected device, an arbitrary command may be executed - CVE-2017-2282

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0809",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wn-ax1167gr",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "3.00"
          },
          {
            "model": "wn-ax1167gr",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 3.00"
          },
          {
            "model": "wn-ax1167gr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=3.00"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-083"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2281"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-ax1167gr",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          }
        ]
      },
      "cve": "CVE-2017-2281",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2017-2281",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 8.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000185",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000185",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000185",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2017-20142",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "VHN-110484",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000185",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 1.6,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-2281",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000185",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2017-000185",
                "trust": 1.6,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-2281",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000185",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-20142",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-083",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110484",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20142"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110484"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-083"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2281"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. * Hard-coded credentials (CWE-798) - CVE-2017-2280 * OS command injection (CWE-78) - CVE-2017-2281 * Buffer overflow (CWE-119) - CVE-2017-2282 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute arbitrary code on the device - CVE-2017-2280 * A user with access to the affected device may execute an arbitrary command - CVE-2017-2281 * If a user views a specially crafted page while logged into the affected device, an arbitrary command may be executed - CVE-2017-2282",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2281"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-20142"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110484"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2281",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVN01312667",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-083",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-20142",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110484",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20142"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110484"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-083"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2281"
          }
        ]
      },
      "id": "VAR-201708-0809",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20142"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110484"
          }
        ],
        "trust": 1.325
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20142"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:04:32.130000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/wn-ax1167gr/"
          },
          {
            "title": "I-ODATAWN-AX1167GR operating system command injection vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/99810"
          },
          {
            "title": "I-O DATA DEVICE WN-AX1167GR Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72357"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-083"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110484"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2281"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://jvn.jp/en/jp/jvn01312667/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2017/wn-ax1167gr/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2280"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2281"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2282"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2280"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2281"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2282"
          },
          {
            "trust": 0.6,
            "url": "http://jvn.jp/en/jp/jvn01312667/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20142"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110484"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-083"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2281"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20142"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110484"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-083"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2281"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-20142"
          },
          {
            "date": "2017-08-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110484"
          },
          {
            "date": "2017-07-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "date": "2017-08-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-083"
          },
          {
            "date": "2017-08-02T16:29:00.427000",
            "db": "NVD",
            "id": "CVE-2017-2281"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-20142"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110484"
          },
          {
            "date": "2018-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "date": "2017-08-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-083"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-2281"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-083"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in I-O DATA WN-AX1167GR",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-083"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-0810

    Vulnerability from variot - Updated: 2025-04-20 23:04

    Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. * Hard-coded credentials (CWE-798) - CVE-2017-2280 * OS command injection (CWE-78) - CVE-2017-2281 * Buffer overflow (CWE-119) - CVE-2017-2282 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute arbitrary code on the device - CVE-2017-2280 * A user with access to the affected device may execute an arbitrary command - CVE-2017-2281 * If a user views a specially crafted page while logged into the affected device, an arbitrary command may be executed - CVE-2017-2282

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0810",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wn-ax1167gr",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "3.00"
          },
          {
            "model": "wn-ax1167gr",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 3.00"
          },
          {
            "model": "wn-ax1167gr",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=3.00"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-082"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2282"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-ax1167gr",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          }
        ]
      },
      "cve": "CVE-2017-2282",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "CVE-2017-2282",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 8.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000185",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000185",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000185",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "CNVD-2017-20141",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "VHN-110485",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000185",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 1.6,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "id": "CVE-2017-2282",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000185",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2017-000185",
                "trust": 1.6,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-2282",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000185",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-20141",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-082",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110485",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20141"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-082"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2282"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. * Hard-coded credentials (CWE-798) - CVE-2017-2280 * OS command injection (CWE-78) - CVE-2017-2281 * Buffer overflow (CWE-119) - CVE-2017-2282 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute arbitrary code on the device - CVE-2017-2280 * A user with access to the affected device may execute an arbitrary command - CVE-2017-2281 * If a user views a specially crafted page while logged into the affected device, an arbitrary command may be executed - CVE-2017-2282",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2282"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-20141"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110485"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2282",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVN01312667",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-082",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-20141",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110485",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20141"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-082"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2282"
          }
        ]
      },
      "id": "VAR-201708-0810",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20141"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110485"
          }
        ],
        "trust": 1.325
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20141"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:04:32.100000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/wn-ax1167gr/"
          },
          {
            "title": "Patch for I-ODATAWN-AX1167GR Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/99809"
          },
          {
            "title": "I-O DATA DEVICE WN-AX1167GR Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72356"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-082"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-78",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2282"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://jvn.jp/en/jp/jvn01312667/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2017/wn-ax1167gr/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2280"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2281"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2282"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2280"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2281"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2282"
          },
          {
            "trust": 0.6,
            "url": "http://jvn.jp/en/jp/jvn01312667/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20141"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-082"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2282"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-20141"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-082"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2282"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-20141"
          },
          {
            "date": "2017-08-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110485"
          },
          {
            "date": "2017-07-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "date": "2017-08-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-082"
          },
          {
            "date": "2017-08-02T16:29:00.457000",
            "db": "NVD",
            "id": "CVE-2017-2282"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-20141"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110485"
          },
          {
            "date": "2018-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          },
          {
            "date": "2017-08-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-082"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-2282"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-082"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in I-O DATA WN-AX1167GR",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000185"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-082"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201606-0179

    Vulnerability from variot - Updated: 2025-04-13 23:42

    I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a denial-of-service (DoS) vulnerability. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may cause the web server on the product to be terminated abnormally. I-ODATADEVICEETX-R is a router product of I-ODATADEVICE, Japan. An attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0179",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "etx-r",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "etx-r",
            "scope": null,
            "trust": 1.4,
            "vendor": "i o data device",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04210"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000101"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-311"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4821"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:etx-r",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000101"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Junichi MURAKAMI of FFRI, Inc",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-311"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-4821",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-4821",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000101",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-04210",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-93640",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-4821",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "Low",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000101",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-4821",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-000101",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-04210",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201606-311",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-93640",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04210"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93640"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000101"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-311"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4821"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a denial-of-service (DoS) vulnerability. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may cause the web server on the product to be terminated abnormally. I-ODATADEVICEETX-R is a router product of I-ODATADEVICE, Japan. \nAn attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-4821"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000101"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04210"
          },
          {
            "db": "BID",
            "id": "91170"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93640"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-4821",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000101",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVN96052093",
            "trust": 3.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-311",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04210",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "91170",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-93640",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04210"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93640"
          },
          {
            "db": "BID",
            "id": "91170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000101"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-311"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4821"
          }
        ]
      },
      "id": "VAR-201606-0179",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04210"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93640"
          }
        ],
        "trust": 0.06999999999999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04210"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:42:01.570000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2016/etx-r/"
          },
          {
            "title": "I-ODATADEVICEETX-R patch for denial of service vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/77933"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04210"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000101"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000101"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4821"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://jvn.jp/en/jp/jvn96052093/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2016/etx-r/"
          },
          {
            "trust": 1.7,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000101"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4821"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4821"
          },
          {
            "trust": 0.6,
            "url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000101.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04210"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93640"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000101"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-311"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4821"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04210"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93640"
          },
          {
            "db": "BID",
            "id": "91170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000101"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-311"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4821"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-06-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04210"
          },
          {
            "date": "2016-06-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-93640"
          },
          {
            "date": "2016-06-14T00:00:00",
            "db": "BID",
            "id": "91170"
          },
          {
            "date": "2016-06-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000101"
          },
          {
            "date": "2016-06-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201606-311"
          },
          {
            "date": "2016-06-19T01:59:14.810000",
            "db": "NVD",
            "id": "CVE-2016-4821"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-06-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04210"
          },
          {
            "date": "2016-06-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-93640"
          },
          {
            "date": "2016-07-06T14:59:00",
            "db": "BID",
            "id": "91170"
          },
          {
            "date": "2016-06-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000101"
          },
          {
            "date": "2016-06-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201606-311"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-4821"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-311"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "I-O DATA DEVICE ETX-R Denial of Service Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-311"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-311"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0611

    Vulnerability from variot - Updated: 2025-04-13 23:41

    I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. A wired LAN router NP-BBRS and a wireless LAN router WN-G54/R2 provided by I-O DATA DEVICE, INC. contain a vulnerability in the UPnP functionality.The device may be used in a DDoS attack, as a SSDP reflector. An attacker could exploit the vulnerability to cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0611",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wn-g54\\/r2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.02"
          },
          {
            "model": "np-bbrs",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "with all firmware"
          },
          {
            "model": "wn-g54/r2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "with firmware prior to ver.1.03"
          },
          {
            "model": "data np-bbrs",
            "scope": null,
            "trust": 0.6,
            "vendor": "i o",
            "version": null
          },
          {
            "model": "data wn-g54/r2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "i o",
            "version": "1.03"
          },
          {
            "model": "wn-g54\\/r2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.02"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05504"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000117"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-447"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2984"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:np-bbrs",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-g54%2Fr2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000117"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "JPCERT",
        "sources": [
          {
            "db": "BID",
            "id": "76393"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-447"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2015-2984",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-2984",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2015-000117",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05504",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-80945",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-2984",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2015-000117",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05504",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-447",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-80945",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05504"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80945"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000117"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-447"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2984"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. A wired LAN router NP-BBRS and a wireless LAN router WN-G54/R2 provided by I-O DATA DEVICE, INC. contain a vulnerability in the UPnP functionality.The device may be used in a DDoS attack, as a SSDP reflector. An attacker could exploit the vulnerability to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2984"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000117"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05504"
          },
          {
            "db": "BID",
            "id": "76393"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80945"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-2984",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVN17964918",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "76393",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000117",
            "trust": 2.5
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-447",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05504",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-80945",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05504"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80945"
          },
          {
            "db": "BID",
            "id": "76393"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000117"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-447"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2984"
          }
        ]
      },
      "id": "VAR-201508-0611",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05504"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80945"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05504"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:41:20.153000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website ",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2015/wn-g54r2/"
          },
          {
            "title": "Patch for I-O DATA DEVICE NP-BBRS and WN-G54/R2 Remote Denial of Service Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/62765"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05504"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000117"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-80945"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000117"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2984"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://jvn.jp/en/jp/jvn17964918/index.html"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/76393"
          },
          {
            "trust": 2.0,
            "url": "http://www.iodata.jp/support/information/2015/wn-g54r2/"
          },
          {
            "trust": 1.7,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000117"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2984"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2984"
          },
          {
            "trust": 0.3,
            "url": "http://www.iodata.jp/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05504"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80945"
          },
          {
            "db": "BID",
            "id": "76393"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000117"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-447"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2984"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05504"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80945"
          },
          {
            "db": "BID",
            "id": "76393"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000117"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-447"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2984"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05504"
          },
          {
            "date": "2015-08-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80945"
          },
          {
            "date": "2015-08-18T00:00:00",
            "db": "BID",
            "id": "76393"
          },
          {
            "date": "2015-08-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-000117"
          },
          {
            "date": "2015-08-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-447"
          },
          {
            "date": "2015-08-22T18:59:00.123000",
            "db": "NVD",
            "id": "CVE-2015-2984"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05504"
          },
          {
            "date": "2016-11-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80945"
          },
          {
            "date": "2015-08-18T00:00:00",
            "db": "BID",
            "id": "76393"
          },
          {
            "date": "2015-08-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-000117"
          },
          {
            "date": "2015-08-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-447"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-2984"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-447"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple I-O DATA LAN routers vulnerable in UPnP functionality",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000117"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-447"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201609-0259

    Vulnerability from variot - Updated: 2025-04-13 23:39

    Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content. Multiple Recording Hard disk products provided by I-O DATA DEVICE, INC. contain a cross-site request forgery vulnerability due to an issue in the web management screen. kaito834 reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page, an arbitrary content may be deleted. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. IO DATA DEVICE HVL-A, etc. A remote attacker could exploit this vulnerability to delete content. The following versions are affected: The following products using firmware versions earlier than 2.04 are affected: IO DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL -AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, HVL-AT4.0A

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0259",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "hvl-a4.0",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "2.03"
          },
          {
            "model": "hvl-at4.0a",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "2.03"
          },
          {
            "model": "hvl-at1.0s",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "2.03"
          },
          {
            "model": "hvl-a2.0",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "2.03"
          },
          {
            "model": "hvl-at2.0",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "2.03"
          },
          {
            "model": "hvl-at2.0a",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "2.03"
          },
          {
            "model": "hvl-at4.0",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "2.03"
          },
          {
            "model": "hvl-a3.0",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "2.03"
          },
          {
            "model": "hvl-at3.0a",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "2.03"
          },
          {
            "model": "hvl-at3.0",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "2.03"
          },
          {
            "model": "hvl-a2.0",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "prior to 2.04"
          },
          {
            "model": "hvl-a3.0",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "prior to 2.04"
          },
          {
            "model": "hvl-a4.0",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "prior to 2.04"
          },
          {
            "model": "hvl-at1.0s",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "prior to 2.04"
          },
          {
            "model": "hvl-at2.0",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "prior to 2.04"
          },
          {
            "model": "hvl-at2.0a",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "prior to 2.04"
          },
          {
            "model": "hvl-at3.0",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "prior to 2.04"
          },
          {
            "model": "hvl-at3.0a",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "prior to 2.04"
          },
          {
            "model": "hvl-at4.0",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "prior to 2.04"
          },
          {
            "model": "hvl-at4.0a",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "prior to 2.04"
          },
          {
            "model": "i-o data device hvl-a2.0",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "0"
          },
          {
            "model": "i-o data device hvl-a3.0",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "0"
          },
          {
            "model": "i-o data device hvl-at1.0s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "0"
          },
          {
            "model": "i-o data device hvl-at2.0",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "0"
          },
          {
            "model": "i-o data device hvl-at3.0",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "0"
          },
          {
            "model": "i-o data device hvl-at2.0a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "0"
          },
          {
            "model": "i-o data device hvl-at3.0a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "0"
          },
          {
            "model": "i-o data device hvl-at4.0a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "0"
          },
          {
            "model": "i-o data device hvl-at4.0",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "0"
          },
          {
            "model": "data device hvl-at4.0a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "0"
          },
          {
            "model": "data device hvl-at4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "0"
          },
          {
            "model": "data device hvl-at3.0a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "0"
          },
          {
            "model": "data device hvl-at3.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "0"
          },
          {
            "model": "data device hvl-at2.0a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "0"
          },
          {
            "model": "data device hvl-at2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "0"
          },
          {
            "model": "data device hvl-at1.0s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "0"
          },
          {
            "model": "data device hvl-a4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "0"
          },
          {
            "model": "data device hvl-a3.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "0"
          },
          {
            "model": "data device hvl-a2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "i o",
            "version": "0"
          },
          {
            "model": "data device hvl-at4.0a",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "i o",
            "version": "2.04"
          },
          {
            "model": "data device hvl-at4.0",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "i o",
            "version": "2.04"
          },
          {
            "model": "data device hvl-at3.0a",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "i o",
            "version": "2.04"
          },
          {
            "model": "data device hvl-at3.0",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "i o",
            "version": "2.04"
          },
          {
            "model": "data device hvl-at2.0a",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "i o",
            "version": "2.04"
          },
          {
            "model": "data device hvl-at2.0",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "i o",
            "version": "2.04"
          },
          {
            "model": "data device hvl-at1.0s",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "i o",
            "version": "2.04"
          },
          {
            "model": "data device hvl-a4.0",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "i o",
            "version": "2.04"
          },
          {
            "model": "data device hvl-a3.0",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "i o",
            "version": "2.04"
          },
          {
            "model": "data device hvl-a2.0",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "i o",
            "version": "2.04"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-09923"
          },
          {
            "db": "BID",
            "id": "92352"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-227"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4845"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:hvl-a2.0_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:hvl-a3.0_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:hvl-a4.0_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:hvl-at1.0s_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:hvl-at2.0_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:hvl-at2.0a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:hvl-at3.0_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:hvl-at3.0a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:hvl-at4.0_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:hvl-at4.0a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000134"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kaito834",
        "sources": [
          {
            "db": "BID",
            "id": "92352"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-227"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-4845",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-4845",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000134",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2016-09923",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-93664",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-4845",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000134",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-4845",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-000134",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-09923",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201608-227",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-93664",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-09923"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93664"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-227"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4845"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content. Multiple Recording Hard disk products provided by I-O DATA DEVICE, INC. contain a cross-site request forgery vulnerability due to an issue in the web management screen. kaito834 reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page, an arbitrary content may be deleted. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. IO DATA DEVICE HVL-A, etc. A remote attacker could exploit this vulnerability to delete content. The following versions are affected: The following products using firmware versions earlier than 2.04 are affected: IO DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL -AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, HVL-AT4.0A",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-4845"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000134"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-09923"
          },
          {
            "db": "BID",
            "id": "92352"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93664"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN35062083",
            "trust": 3.4
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4845",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000134",
            "trust": 3.1
          },
          {
            "db": "BID",
            "id": "92352",
            "trust": 2.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-09923",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-227",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-93664",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-09923"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93664"
          },
          {
            "db": "BID",
            "id": "92352"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-227"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4845"
          }
        ]
      },
      "id": "VAR-201609-0259",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-09923"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93664"
          }
        ],
        "trust": 1.6375
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-09923"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:39:31.106000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2016/hvl-a_csrf/"
          },
          {
            "title": "Patches for cross-site request forgery vulnerabilities for multiple I-ODATADEVICE products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/80512"
          },
          {
            "title": "Multiple I-O DATA DEVICE Repair measures for product cross-site request forgery vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63615"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-09923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-227"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-93664"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000134"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4845"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://jvn.jp/en/jp/jvn35062083/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/92352"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2016/hvl-a_csrf/"
          },
          {
            "trust": 1.7,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000134"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4845"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4845"
          },
          {
            "trust": 0.6,
            "url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000134.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.iodata.jp/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-09923"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93664"
          },
          {
            "db": "BID",
            "id": "92352"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-227"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4845"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-09923"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93664"
          },
          {
            "db": "BID",
            "id": "92352"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-227"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4845"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-09923"
          },
          {
            "date": "2016-09-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-93664"
          },
          {
            "date": "2016-08-08T00:00:00",
            "db": "BID",
            "id": "92352"
          },
          {
            "date": "2016-08-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000134"
          },
          {
            "date": "2016-08-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-227"
          },
          {
            "date": "2016-09-24T10:59:01.243000",
            "db": "NVD",
            "id": "CVE-2016-4845"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-10-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-09923"
          },
          {
            "date": "2017-02-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-93664"
          },
          {
            "date": "2016-08-08T00:00:00",
            "db": "BID",
            "id": "92352"
          },
          {
            "date": "2016-10-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000134"
          },
          {
            "date": "2016-09-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-227"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-4845"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-227"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple I-O DATA Recording Hard disk products vulnerable to cross-site request forgery",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000134"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-227"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201605-0315

    Vulnerability from variot - Updated: 2025-04-13 23:37

    Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. WN-G300R Series provided by I-O DATA DEVICE, INC. contains a cross-site scripting vulnerability. WN-G300R Series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R Series contains a stored cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Yuta TESHIMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. WN-G300R Series Routers are prone to an unspecified HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. The following versions are vulnerable: WN-G300R firmware Ver.1.12 and prior. WN-G300R2 firmware Ver.1.12 and prior. WN-G300R3 firmware Ver.1.01 and prior. IO DATA WN-G300R etc. Attackers can exploit this vulnerability to inject arbitrary web scripts or HTML

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0315",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wn-g300r3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.01"
          },
          {
            "model": "wn-g300r",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.12"
          },
          {
            "model": "wn-g300r2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.12"
          },
          {
            "model": "wn-g300r",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "ver.1.12"
          },
          {
            "model": "wn-g300r2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "ver.1.12"
          },
          {
            "model": "wn-g300r3",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "ver.1.01"
          },
          {
            "model": "data device wn-g300r",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o",
            "version": "\u003c=1.12"
          },
          {
            "model": "data device wn-g300r2",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o",
            "version": "\u003c=1.12"
          },
          {
            "model": "data device wn-g300r3",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o",
            "version": "\u003c=1.01"
          },
          {
            "model": "wn-g300r2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "wn-g300r3",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "wn-g300r",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03193"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000062"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-377"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1207"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:wn-g300r_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:wn-g300r2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:wn-g300r3_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000062"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Yuta TESHIMA of Cyber Defense Institute, Inc.",
        "sources": [
          {
            "db": "BID",
            "id": "90609"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-1207",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2016-1207",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 2.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000062",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 4.4,
                "id": "CNVD-2016-03193",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-90026",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2016-1207",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000062",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-1207",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-000062",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-03193",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201605-377",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-90026",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03193"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90026"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000062"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-377"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1207"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. WN-G300R Series provided by I-O DATA DEVICE, INC. contains a cross-site scripting vulnerability. WN-G300R Series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R Series contains a stored cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Yuta TESHIMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user\u0027s web browser. WN-G300R Series Routers are prone to an unspecified HTML-injection vulnerability because it fails to properly sanitize user-supplied input. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. \nThe following versions are vulnerable:\nWN-G300R firmware Ver.1.12 and prior. \nWN-G300R2 firmware Ver.1.12 and prior. \nWN-G300R3 firmware Ver.1.01 and prior. IO DATA WN-G300R etc. Attackers can exploit this vulnerability to inject arbitrary web scripts or HTML",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-1207"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000062"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-03193"
          },
          {
            "db": "BID",
            "id": "90609"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90026"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN22978346",
            "trust": 3.4
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1207",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000062",
            "trust": 3.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-03193",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-377",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "90609",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-90026",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03193"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90026"
          },
          {
            "db": "BID",
            "id": "90609"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000062"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-377"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1207"
          }
        ]
      },
      "id": "VAR-201605-0315",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03193"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90026"
          }
        ],
        "trust": 1.5194444333333332
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03193"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:37:29.122000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2016/wn-g300r_xss/"
          },
          {
            "title": "Patch for multiple cross-site scripting vulnerabilities in I-ODATA products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/75964"
          },
          {
            "title": "Multiple I-O DATA WN-G300R Fixes for product cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61694"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03193"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000062"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-377"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-90026"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000062"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1207"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://jvn.jp/en/jp/jvn22978346/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2016/wn-g300r_xss/"
          },
          {
            "trust": 1.2,
            "url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000062.html"
          },
          {
            "trust": 1.1,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000062"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1207"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1207"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03193"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90026"
          },
          {
            "db": "BID",
            "id": "90609"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000062"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-377"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1207"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03193"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90026"
          },
          {
            "db": "BID",
            "id": "90609"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000062"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-377"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1207"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-03193"
          },
          {
            "date": "2016-05-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-90026"
          },
          {
            "date": "2016-05-12T00:00:00",
            "db": "BID",
            "id": "90609"
          },
          {
            "date": "2016-05-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000062"
          },
          {
            "date": "2016-05-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201605-377"
          },
          {
            "date": "2016-05-14T16:59:01.197000",
            "db": "NVD",
            "id": "CVE-2016-1207"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-03193"
          },
          {
            "date": "2016-05-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-90026"
          },
          {
            "date": "2016-05-12T00:00:00",
            "db": "BID",
            "id": "90609"
          },
          {
            "date": "2016-06-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000062"
          },
          {
            "date": "2016-05-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201605-377"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-1207"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-377"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WN-G300R Series vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000062"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-377"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201605-0314

    Vulnerability from variot - Updated: 2025-04-13 23:23

    The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack. WN-GDN/R3 Series provided by I-O DATA DEVICE, INC. does not limit authentication attempts. WN-GDN/R3 series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WPS functionality in WN-GDN/R3 Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An unauthenticated attacker within wireless range of the device may perform a brute force attack to recover the PIN. Using the recovered PIN, the attacker may gain access to the network. WN-GDN/R3 Series Routers are prone to an authentication-bypass vulnerability. Successfully exploiting this issue may lead to further attacks. The following products are affected: WN-GDN/R3 WN-GDN/R3-S WN-GDN/R3-U WN-GDN/R3-C. There are security vulnerabilities in the WPS implementation of several IO DATA DEVICE products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0314",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wn-gdn\\/r3",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "wn-gdn/r3",
            "scope": null,
            "trust": 0.8,
            "vendor": "i o data device",
            "version": null
          },
          {
            "model": "wn-gdn/r3-c",
            "scope": null,
            "trust": 0.8,
            "vendor": "i o data device",
            "version": null
          },
          {
            "model": "wn-gdn/r3-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "i o data device",
            "version": null
          },
          {
            "model": "wn-gdn/r3-u",
            "scope": null,
            "trust": 0.8,
            "vendor": "i o data device",
            "version": null
          },
          {
            "model": "data device wn-gdn/r3",
            "scope": null,
            "trust": 0.6,
            "vendor": "i o",
            "version": null
          },
          {
            "model": "data device wn-gdn/r3-c",
            "scope": null,
            "trust": 0.6,
            "vendor": "i o",
            "version": null
          },
          {
            "model": "data device wn-gdn/r3-s",
            "scope": null,
            "trust": 0.6,
            "vendor": "i o",
            "version": null
          },
          {
            "model": "data device wn-gdn/r3-u",
            "scope": null,
            "trust": 0.6,
            "vendor": "i o",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03198"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000061"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-376"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1206"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-gdn%2fr3",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-gdn%2fr3-c",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-gdn%2fr3-s",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-gdn%2fr3-u",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000061"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi.",
        "sources": [
          {
            "db": "BID",
            "id": "90613"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-1206",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2016-1206",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 3.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000061",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2016-03198",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "VHN-90025",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-1206",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000061",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-1206",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-000061",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-03198",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201605-376",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-90025",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03198"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90025"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000061"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-376"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1206"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack. WN-GDN/R3 Series provided by I-O DATA DEVICE, INC. does not limit authentication attempts. WN-GDN/R3 series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WPS functionality in WN-GDN/R3 Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An unauthenticated attacker within wireless range of the device may perform a brute force attack to recover the PIN. Using the recovered PIN, the attacker may gain access to the network. WN-GDN/R3 Series Routers are prone to an authentication-bypass vulnerability. Successfully  exploiting this issue may lead to further attacks. \nThe following products are affected:\nWN-GDN/R3\nWN-GDN/R3-S\nWN-GDN/R3-U\nWN-GDN/R3-C. There are security vulnerabilities in the WPS implementation of several IO DATA DEVICE products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-1206"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000061"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-03198"
          },
          {
            "db": "BID",
            "id": "90613"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90025"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-1206",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVN25674893",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000061",
            "trust": 2.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-03198",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-376",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "90613",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-90025",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03198"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90025"
          },
          {
            "db": "BID",
            "id": "90613"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000061"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-376"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1206"
          }
        ]
      },
      "id": "VAR-201605-0314",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03198"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90025"
          }
        ],
        "trust": 1.575
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03198"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:23:36.297000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2016/wn-gdnr3_bfa/"
          },
          {
            "title": "Manual - Settings screen",
            "trust": 0.8,
            "url": "http://www.iodata.jp/lib/manual/wn-gdn_r3_h01/htm2/set06.htm"
          },
          {
            "title": "Patches for multiple I-ODATADEVICE product PIN recovery vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/75962"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03198"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000061"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-287",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-90025"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000061"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1206"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://jvn.jp/en/jp/jvn25674893/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2016/wn-gdnr3_bfa/"
          },
          {
            "trust": 1.1,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000061"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1206"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu723755/"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1206"
          },
          {
            "trust": 0.6,
            "url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000061.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03198"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90025"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000061"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-376"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1206"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03198"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90025"
          },
          {
            "db": "BID",
            "id": "90613"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000061"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-376"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1206"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-03198"
          },
          {
            "date": "2016-05-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-90025"
          },
          {
            "date": "2016-05-12T00:00:00",
            "db": "BID",
            "id": "90613"
          },
          {
            "date": "2016-05-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000061"
          },
          {
            "date": "2016-05-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201605-376"
          },
          {
            "date": "2016-05-14T16:59:00.133000",
            "db": "NVD",
            "id": "CVE-2016-1206"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-03198"
          },
          {
            "date": "2016-05-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-90025"
          },
          {
            "date": "2016-05-12T00:00:00",
            "db": "BID",
            "id": "90613"
          },
          {
            "date": "2016-06-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000061"
          },
          {
            "date": "2016-05-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201605-376"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-1206"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-376"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WN-GDN/R3 Series does not limit authentication attempts",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000061"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-376"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201606-0178

    Vulnerability from variot - Updated: 2025-04-13 23:14

    Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability (CWE-352). Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. I-ODATADEVICEETX-R is a router product of I-ODATADEVICE, Japan. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. This may lead to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0178",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "etx-r",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "etx-r",
            "scope": null,
            "trust": 1.4,
            "vendor": "i o data device",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000100"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-312"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4820"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:etx-r",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000100"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Junichi MURAKAMI of FFRI, Inc",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-312"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-4820",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-4820",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 2.6,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000100",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2016-04211",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-93639",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-4820",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000100",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-4820",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-000100",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-04211",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201606-312",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-93639",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04211"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93639"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000100"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-312"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4820"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability (CWE-352). Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. I-ODATADEVICEETX-R is a router product of I-ODATADEVICE, Japan. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. This may lead to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-4820"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000100"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04211"
          },
          {
            "db": "BID",
            "id": "91173"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93639"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN61317238",
            "trust": 3.4
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4820",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000100",
            "trust": 3.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-312",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04211",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "91173",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-93639",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04211"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93639"
          },
          {
            "db": "BID",
            "id": "91173"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000100"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-312"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4820"
          }
        ]
      },
      "id": "VAR-201606-0178",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04211"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93639"
          }
        ],
        "trust": 0.06999999999999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04211"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:14:16.362000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2016/etx-r/"
          },
          {
            "title": "Patch for I-ODATADEVICEETX-R cross-site request forgery vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/77932"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000100"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-93639"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000100"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4820"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://jvn.jp/en/jp/jvn61317238/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2016/etx-r/"
          },
          {
            "trust": 1.7,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000100"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4820"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4820"
          },
          {
            "trust": 0.6,
            "url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000100.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.iodata.jp/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04211"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93639"
          },
          {
            "db": "BID",
            "id": "91173"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000100"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-312"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4820"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04211"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93639"
          },
          {
            "db": "BID",
            "id": "91173"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000100"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-312"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4820"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-06-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04211"
          },
          {
            "date": "2016-06-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-93639"
          },
          {
            "date": "2016-06-14T00:00:00",
            "db": "BID",
            "id": "91173"
          },
          {
            "date": "2016-06-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000100"
          },
          {
            "date": "2016-06-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201606-312"
          },
          {
            "date": "2016-06-19T01:59:13.857000",
            "db": "NVD",
            "id": "CVE-2016-4820"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-06-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04211"
          },
          {
            "date": "2016-06-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-93639"
          },
          {
            "date": "2016-06-14T00:00:00",
            "db": "BID",
            "id": "91173"
          },
          {
            "date": "2016-06-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000100"
          },
          {
            "date": "2016-06-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201606-312"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-4820"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-312"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "I-O DATA DEVICE ETX-R Cross-Site Request Forgery Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04211"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-312"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-312"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201407-0486

    Vulnerability from variot - Updated: 2025-04-13 22:28

    The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors. Multiple IP Cameras provided by I-O DATA contain an authentication bypass vulnerability.An attacker who can access the product may be able to gain access to configuration and credential information. As a result, the attacker may take control of the product. I-O DATA DEVICE I-O DATA TS-WLCAM and others are camera products of Japan I-O DATA DEVICE. Security vulnerabilities exist in several I-O DATA DEVICE I-O DATA IP Cameras products. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201407-0486",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts-wlcam\\/v camera",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.0.6"
          },
          {
            "model": "ts-wptcam camera",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.0.8"
          },
          {
            "model": "ts-wlc2 camera",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.02"
          },
          {
            "model": "ts-wlc2 camera",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "ts-wlcam camera",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "ts-wlcam camera",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.06"
          },
          {
            "model": "ts-ptcam camera",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "ts-wptcam camera",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "ts-ptcam camera",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.08"
          },
          {
            "model": "ts-wlcam\\/v camera",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "ts-ptcam\\/poe camera",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.08"
          },
          {
            "model": "ts-ptcam\\/poe camera",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "ts-ptcam",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.08"
          },
          {
            "model": "ts-ptcam/poe",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.08"
          },
          {
            "model": "ts-wlc2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.02"
          },
          {
            "model": "ts-wlcam",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.06"
          },
          {
            "model": "ts-wlcam/v",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.06"
          },
          {
            "model": "ts-wptcam",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.08"
          },
          {
            "model": "ts-ptcam",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.08"
          },
          {
            "model": "ts-ptcam/poe",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.08"
          },
          {
            "model": "ts-wlc2",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.02"
          },
          {
            "model": "ts-wlcam",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.06"
          },
          {
            "model": "ts-wlcam/v",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.06"
          },
          {
            "model": "ts-wptcam",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.06"
          },
          {
            "model": "ts-wptcam camera",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.0.8"
          },
          {
            "model": "ts-wlc2 camera",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.02"
          },
          {
            "model": "ts-ptcam camera",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.08"
          },
          {
            "model": "ts-wlcam\\/v camera",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.0.6"
          },
          {
            "model": "ts-wlcam camera",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.06"
          },
          {
            "model": "ts-ptcam\\/poe camera",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.08"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-04720"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000087"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201407-707"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3895"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-ptcam%2Fpoe_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wlc2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wlcam_camera_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wlcam%2Fv_camera_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:ts-wptcam_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000087"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "68989"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-3895",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-3895",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 6.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2014-000087",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-04720",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-71835",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-3895",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2014-000087",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-04720",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201407-707",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-71835",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-04720"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71835"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000087"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201407-707"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3895"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors. Multiple IP Cameras provided by I-O DATA contain an authentication bypass vulnerability.An attacker who can access the product may be able to gain access to configuration and credential information. As a result, the attacker may take control of the product. I-O DATA DEVICE I-O DATA TS-WLCAM and others are camera products of Japan I-O DATA DEVICE. Security vulnerabilities exist in several I-O DATA DEVICE I-O DATA IP Cameras products. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-3895"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000087"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-04720"
          },
          {
            "db": "BID",
            "id": "68989"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71835"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-3895",
            "trust": 3.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000087",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVN94592501",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "68989",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201407-707",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-04720",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-71835",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-04720"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71835"
          },
          {
            "db": "BID",
            "id": "68989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000087"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201407-707"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3895"
          }
        ]
      },
      "id": "VAR-201407-0486",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-04720"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71835"
          }
        ],
        "trust": 1.50159314
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-04720"
          }
        ]
      },
      "last_update_date": "2025-04-13T22:28:16.619000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2014/qwatch/"
          },
          {
            "title": "A variety of I-O DATA DEVICE I-O DATA IP Cameras security bypass vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/48075"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-04720"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000087"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-71835"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000087"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3895"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000087"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2014/qwatch/"
          },
          {
            "trust": 1.7,
            "url": "http://jvn.jp/en/jp/jvn94592501/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3895"
          },
          {
            "trust": 0.8,
            "url": "http://www.ipa.go.jp/security/ciadr/vul/20140729-jvn.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/en/jp/jvn94592501/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3895"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-04720"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71835"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000087"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201407-707"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3895"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-04720"
          },
          {
            "db": "VULHUB",
            "id": "VHN-71835"
          },
          {
            "db": "BID",
            "id": "68989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000087"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201407-707"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-3895"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-07-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-04720"
          },
          {
            "date": "2014-07-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-71835"
          },
          {
            "date": "2014-07-31T00:00:00",
            "db": "BID",
            "id": "68989"
          },
          {
            "date": "2014-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-000087"
          },
          {
            "date": "2014-07-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201407-707"
          },
          {
            "date": "2014-07-29T20:55:08.583000",
            "db": "NVD",
            "id": "CVE-2014-3895"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-07-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-04720"
          },
          {
            "date": "2014-07-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-71835"
          },
          {
            "date": "2014-07-31T00:00:00",
            "db": "BID",
            "id": "68989"
          },
          {
            "date": "2014-08-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-000087"
          },
          {
            "date": "2014-07-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201407-707"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-3895"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201407-707"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple I-O DATA IP Cameras vulnerable to authentication bypass",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000087"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201407-707"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201310-0460

    Vulnerability from variot - Updated: 2025-04-11 23:19

    I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. HDL-A and HDL2-A Series provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. HDL-A and HDL2-A Series contain a vulnerability related to the management of sessions. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or altered. I-O DATA HDL is a network mobile device with built-in LAN connectivity. I-O DATA HDL has an unspecified error that allows an attacker to exploit a vulnerability to hijack other user sessions. Multiple I-O DATA products are prone to an unspecified session-hijacking vulnerability. Following devices running firmware versions 1.07 and prior are vulnerable: HDL-A series including HDL-AS, HDL-AH and HDL-A/E HDL2-A series including HDL2-AH and HDL2-A/E

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201310-0460",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "hdl2-ah",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "hdl-as",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "hdl-ah",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "hdl-a\\/e",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "hdl2-a\\/e",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "hdl-a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.07"
          },
          {
            "model": "hdl2-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.07"
          },
          {
            "model": "hdl-a series",
            "scope": null,
            "trust": 0.8,
            "vendor": "i o data device",
            "version": null
          },
          {
            "model": "hdl-a series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "(includes hdl-as, hdl-ah, hdl-a/e series) firmware version 1.07"
          },
          {
            "model": "hdl-a/e series",
            "scope": null,
            "trust": 0.8,
            "vendor": "i o data device",
            "version": null
          },
          {
            "model": "hdl-ah series",
            "scope": null,
            "trust": 0.8,
            "vendor": "i o data device",
            "version": null
          },
          {
            "model": "hdl-as series",
            "scope": null,
            "trust": 0.8,
            "vendor": "i o data device",
            "version": null
          },
          {
            "model": "hdl2-a series",
            "scope": null,
            "trust": 0.8,
            "vendor": "i o data device",
            "version": null
          },
          {
            "model": "hdl2-a series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "(includes hdl2-ah, hdl2-a/e series) firmware version 1.07"
          },
          {
            "model": "hdl2-a/e series",
            "scope": null,
            "trust": 0.8,
            "vendor": "i o data device",
            "version": null
          },
          {
            "model": "hdl2-ah series",
            "scope": null,
            "trust": 0.8,
            "vendor": "i o data device",
            "version": null
          },
          {
            "model": "data hdl-a series",
            "scope": null,
            "trust": 0.6,
            "vendor": "i o",
            "version": null
          },
          {
            "model": "data hdl2-a series",
            "scope": null,
            "trust": 0.6,
            "vendor": "i o",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000095"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-471"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4712"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl-a",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl-a%2fe",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl-ah",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl-as",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl2-a",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl2-a%2fe",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl2-ah",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000095"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kazuki Hirota from Keio University Keiji Takeda Research Group.",
        "sources": [
          {
            "db": "BID",
            "id": "63225"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2013-4712",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2013-4712",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2013-000095",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2013-14024",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-64714",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-4712",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2013-000095",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2013-14024",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201310-471",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-64714",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14024"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64714"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000095"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-471"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4712"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. HDL-A and HDL2-A Series provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. HDL-A and HDL2-A Series contain a vulnerability related to the management of sessions. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or altered. I-O DATA HDL is a network mobile device with built-in LAN connectivity. I-O DATA HDL has an unspecified error that allows an attacker to exploit a vulnerability to hijack other user sessions. Multiple I-O DATA products are prone to an unspecified session-hijacking vulnerability. \nFollowing devices running firmware versions 1.07 and prior are vulnerable:\nHDL-A series including HDL-AS, HDL-AH and HDL-A/E\nHDL2-A series including HDL2-AH and HDL2-A/E",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-4712"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000095"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-14024"
          },
          {
            "db": "BID",
            "id": "63225"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64714"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-4712",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000095",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVN52509236",
            "trust": 3.1
          },
          {
            "db": "BID",
            "id": "63225",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-471",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-14024",
            "trust": 0.6
          },
          {
            "db": "JVN",
            "id": "JVN#52509236",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-64714",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14024"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64714"
          },
          {
            "db": "BID",
            "id": "63225"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000095"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-471"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4712"
          }
        ]
      },
      "id": "VAR-201310-0460",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14024"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64714"
          }
        ],
        "trust": 1.3666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14024"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:19:27.462000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iobb.net/remotelinkaccess/"
          },
          {
            "title": "Patch for Unknown Session Hijacking Vulnerabilities in Multiple I-O DATA Products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/40481"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000095"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-64714"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000095"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4712"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://jvn.jp/en/jp/jvn52509236/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://jvn.jp/en/jp/jvn52509236/225184/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://rm2.iobb.net"
          },
          {
            "trust": 1.7,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2013-000095"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4712"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4712"
          },
          {
            "trust": 0.6,
            "url": "http://jvndb.jvn.jp/en/contents/2013/jvndb-2013-000095.html"
          },
          {
            "trust": 0.6,
            "url": "http://jvn.jp/jp/jvn52509236/index.html"
          },
          {
            "trust": 0.6,
            "url": "http://jvndb.jvn.jp/ja/contents/2013/jvndb-2013-000095.html"
          },
          {
            "trust": 0.6,
            "url": "http:"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14024"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64714"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000095"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-471"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4712"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14024"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64714"
          },
          {
            "db": "BID",
            "id": "63225"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000095"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-471"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4712"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-10-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-14024"
          },
          {
            "date": "2013-10-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-64714"
          },
          {
            "date": "2013-10-18T00:00:00",
            "db": "BID",
            "id": "63225"
          },
          {
            "date": "2013-10-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-000095"
          },
          {
            "date": "2013-10-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201310-471"
          },
          {
            "date": "2013-10-19T10:36:07.697000",
            "db": "NVD",
            "id": "CVE-2013-4712"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-10-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-14024"
          },
          {
            "date": "2013-10-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-64714"
          },
          {
            "date": "2013-10-18T00:00:00",
            "db": "BID",
            "id": "63225"
          },
          {
            "date": "2013-10-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-000095"
          },
          {
            "date": "2013-10-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201310-471"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2013-4712"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-471"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HDL-A and HDL2-A Series vulnerable in session management",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000095"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-471"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201311-0283

    Vulnerability from variot - Updated: 2025-04-11 23:10

    Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. I-O DATA RockDisk NAS incorrectly filters data returned to users, allowing remote attackers to exploit vulnerabilities to build malicious URIs, entice users to parse, obtain sensitive information, or hijack user sessions. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201311-0283",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rockdisk",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "1.04n-2.0.1"
          },
          {
            "model": "rockdisk",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "1.03v3-1.13"
          },
          {
            "model": "rockdisk",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "1.04a-1.2"
          },
          {
            "model": "rockdisk",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "1.03w-1.14"
          },
          {
            "model": "rockdisk",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "1.04m-2.0.1"
          },
          {
            "model": "rockdisk",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "1.03y-1.16"
          },
          {
            "model": "rockdisk",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "1.04r3-2.0.1"
          },
          {
            "model": "rockdisk",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "1.04t-2.0.2"
          },
          {
            "model": "rockdisk",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "iodata",
            "version": "1.04b-1.21"
          },
          {
            "model": "rockdisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iodata",
            "version": null
          },
          {
            "model": "rockdisk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.05c-2.0.3"
          },
          {
            "model": "rockdisk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.04d-2.0.1"
          },
          {
            "model": "rockdisk",
            "scope": null,
            "trust": 0.8,
            "vendor": "i o data device",
            "version": null
          },
          {
            "model": "rockdisk",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "version 1.05e1-2.0.5"
          },
          {
            "model": "data rockdisk nas 1.05c-2.0.3",
            "scope": null,
            "trust": 0.6,
            "vendor": "i o",
            "version": null
          },
          {
            "model": "rockdisk",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.05c-2.0.3"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000096"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-720"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4713"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:rockdisk",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:i-o_data_device:rockdisk_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000096"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Yuji Tounai of bogus.jp",
        "sources": [
          {
            "db": "BID",
            "id": "63392"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-720"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2013-4713",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2013-4713",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2013-000096",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2013-14194",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-64715",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-4713",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2013-000096",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2013-14194",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201310-720",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-64715",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14194"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64715"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000096"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-720"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4713"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user\u0027s web browser. I-O DATA RockDisk NAS incorrectly filters data returned to users, allowing remote attackers to exploit vulnerabilities to build malicious URIs, entice users to parse, obtain sensitive information, or hijack user sessions. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-4713"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000096"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-14194"
          },
          {
            "db": "BID",
            "id": "63392"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64715"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000096",
            "trust": 3.9
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4713",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVN74608669",
            "trust": 3.1
          },
          {
            "db": "BID",
            "id": "63392",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "55463",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-14194",
            "trust": 0.6
          },
          {
            "db": "JVN",
            "id": "JVN#74608669",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-720",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-64715",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14194"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64715"
          },
          {
            "db": "BID",
            "id": "63392"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000096"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-720"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4713"
          }
        ]
      },
      "id": "VAR-201311-0283",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14194"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64715"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14194"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:10:35.095000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx"
          },
          {
            "title": "I-O DATA RockDisk NAS has patches for unidentified cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/40628"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000096"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-64715"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000096"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4713"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://jvn.jp/en/jp/jvn74608669/index.html"
          },
          {
            "trust": 3.1,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2013-000096"
          },
          {
            "trust": 1.7,
            "url": "http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4713"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4713"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/55463/"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/63392"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14194"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64715"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000096"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-720"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4713"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14194"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64715"
          },
          {
            "db": "BID",
            "id": "63392"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000096"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-720"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4713"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-11-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-14194"
          },
          {
            "date": "2013-11-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-64715"
          },
          {
            "date": "2013-10-29T00:00:00",
            "db": "BID",
            "id": "63392"
          },
          {
            "date": "2013-10-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-000096"
          },
          {
            "date": "2013-10-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201310-720"
          },
          {
            "date": "2013-11-01T02:55:04.933000",
            "db": "NVD",
            "id": "CVE-2013-4713"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-11-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-14194"
          },
          {
            "date": "2013-11-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-64715"
          },
          {
            "date": "2013-11-01T01:01:00",
            "db": "BID",
            "id": "63392"
          },
          {
            "date": "2014-07-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-000096"
          },
          {
            "date": "2013-11-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201310-720"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2013-4713"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-720"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "RockDisk vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-000096"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201310-720"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201809-0632

    Vulnerability from variot - Updated: 2025-01-30 21:26

    Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector. Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0632",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts-wrlp\\/e",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.09.04"
          },
          {
            "model": "ts-wrlp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.09.04"
          },
          {
            "model": "ts-wrla",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.09.04"
          },
          {
            "model": "ts-wrla",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware ver.1.09.04"
          },
          {
            "model": "ts-wrlp",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware ver.1.09.04"
          },
          {
            "model": "ts-wrlp/e",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware ver.1.09.04"
          },
          {
            "model": "ts-wrlp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.09.04"
          },
          {
            "model": "ts-wrlp\\/e",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.09.04"
          },
          {
            "model": "ts-wrla",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.09.04"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-402"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0663"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:ts-wrla",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:ts-wrlp",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:i-o_data_device:ts-wrlp%2Fe",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          }
        ]
      },
      "cve": "CVE-2018-0663",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2018-0663",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 6.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-000089",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-000089",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P/BS: 5.8AV:L/AC:L/Au:N/C:P/I:P/A:P/BS:4.6",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-000089",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P/BS: 4.6",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-118865",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-0663",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "Low",
                "baseScore": 4.7,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-000089",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "Low",
                "baseScore": 6.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-000089",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 6.3",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Physical",
                "author": "IPA",
                "availabilityImpact": "Low",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-000089",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 4.3",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2018-000089",
                "trust": 2.4,
                "value": "Medium"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-0663",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-402",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-118865",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-118865"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-402"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0663"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector. Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-0663"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118865"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-0663",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVN83701666",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-402",
            "trust": 0.7
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-118865",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-118865"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-402"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0663"
          }
        ]
      },
      "id": "VAR-201809-0632",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-118865"
          }
        ],
        "trust": 0.02
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T21:26:53.764000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
          },
          {
            "title": "Multiple I-O DATA Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84696"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-402"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-118865"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0663"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://jvn.jp/en/jp/jvn83701666/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0661"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0662"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0663"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0661"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0662"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0663"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-118865"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-402"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0663"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-118865"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-402"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0663"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-118865"
          },
          {
            "date": "2018-08-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "date": "2018-09-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-402"
          },
          {
            "date": "2018-09-07T14:29:03.257000",
            "db": "NVD",
            "id": "CVE-2018-0663"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-118865"
          },
          {
            "date": "2019-07-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "date": "2018-09-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-402"
          },
          {
            "date": "2024-11-21T03:38:41.593000",
            "db": "NVD",
            "id": "CVE-2018-0663"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-402"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in multiple I-O DATA network camera products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-402"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201802-0652

    Vulnerability from variot - Updated: 2024-11-23 22:48

    Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability (CWE-78). Taizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can log in the affected device may execute an arbitrary OS command. I-ODATADEVICEHDL-XR/XRWseries and so on are different series of network attached storage devices of Japan I-ODATADEVICE. There are operating system command injection vulnerabilities in MagicalFinder in several I-ODATADEVICE products. The following products and versions are affected: HDL-XR/XRW series with firmware version 2.01 and earlier; HDL-XR2U/XR2UW series with firmware version 2.01 and earlier; HDL-XV/XVW series with firmware version 1.50 and earlier; HDL-GT series with firmware version 1.37 and earlier; HDL-GTR series with firmware version earlier than 1.37, etc

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201802-0652",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "hdl-gtr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.37"
          },
          {
            "model": "hdl-ah",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.26"
          },
          {
            "model": "hdl-xvw",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.50"
          },
          {
            "model": "whg-ac1750a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "3.00"
          },
          {
            "model": "wn-g300sr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.00"
          },
          {
            "model": "wn-g300r",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.14"
          },
          {
            "model": "gv-ntx2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.02.00"
          },
          {
            "model": "hdl2-ah",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.26"
          },
          {
            "model": "wnpr1167g",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.00"
          },
          {
            "model": "hdl2-a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.26"
          },
          {
            "model": "wn-ag300dgr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.05"
          },
          {
            "model": "hdl-xr2uw",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "2.01"
          },
          {
            "model": "wn-gx300gr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "2.00"
          },
          {
            "model": "whg-ac1750",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.07"
          },
          {
            "model": "wn-ac1600dgr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "2.06"
          },
          {
            "model": "hdl-a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.26"
          },
          {
            "model": "wn-ax1167gr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "3.11"
          },
          {
            "model": "hdl-xr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "2.01"
          },
          {
            "model": "hdl-xv",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.50"
          },
          {
            "model": "bx-vp1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "2.01"
          },
          {
            "model": "wn-ac583rk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.06"
          },
          {
            "model": "wn-ac1167dgr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.02"
          },
          {
            "model": "wnpr1167f",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.00"
          },
          {
            "model": "hdl-xr2u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "2.01"
          },
          {
            "model": "wn-ac1300ex",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.02"
          },
          {
            "model": "hls-c",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.12"
          },
          {
            "model": "wn-ag750dgr",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.08"
          },
          {
            "model": "hvl-ata",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "2.04"
          },
          {
            "model": "hdl-xrw",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "2.01"
          },
          {
            "model": "wnpr2600g",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.01"
          },
          {
            "model": "whg-napg",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.08"
          },
          {
            "model": "hvl-s",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.00"
          },
          {
            "model": "wn-g300ex",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.01"
          },
          {
            "model": "hvl-at",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "2.04"
          },
          {
            "model": "hdl-gt",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.37"
          },
          {
            "model": "whg-napgal",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.05"
          },
          {
            "model": "hfas1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.40"
          },
          {
            "model": "whg-napga",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.08"
          },
          {
            "model": "whg-ac1750al",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.07"
          },
          {
            "model": "hvl-a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "2.04"
          },
          {
            "model": "wnpr1750g",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.01"
          },
          {
            "model": "gv-ntx1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.02.00"
          },
          {
            "model": "wn-g300r3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.04"
          },
          {
            "model": "wn-ac583trk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.05"
          },
          {
            "model": "hdl-t",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.12"
          },
          {
            "model": "bx-vp1",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 2.01"
          },
          {
            "model": "gv-ntx1",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.02.00"
          },
          {
            "model": "gv-ntx2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.02.00"
          },
          {
            "model": "hdl-a series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.26"
          },
          {
            "model": "hdl-ah series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.26"
          },
          {
            "model": "hdl-gt series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.37"
          },
          {
            "model": "hdl-gtr series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.37"
          },
          {
            "model": "hdl-t series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.12"
          },
          {
            "model": "hdl-xr series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 2.01"
          },
          {
            "model": "hdl-xr2u series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 2.01"
          },
          {
            "model": "hdl-xr2uw series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 2.01"
          },
          {
            "model": "hdl-xrw series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 2.01"
          },
          {
            "model": "hdl-xv series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.50"
          },
          {
            "model": "hdl-xvw series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.50"
          },
          {
            "model": "hdl2-a series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.26"
          },
          {
            "model": "hdl2-ah series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.26"
          },
          {
            "model": "hfas1 series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.40"
          },
          {
            "model": "hls-c series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.12"
          },
          {
            "model": "hvl-a series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 2.04"
          },
          {
            "model": "hvl-at series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 2.04"
          },
          {
            "model": "hvl-ata series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 2.04"
          },
          {
            "model": "hvl-s series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.00"
          },
          {
            "model": "whg-ac1750/a",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 3.00"
          },
          {
            "model": "whg-ac1750/al",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.07"
          },
          {
            "model": "whg-napg/a",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.08"
          },
          {
            "model": "whg-napg/al",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.05"
          },
          {
            "model": "wn-ac1167dgr",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.02"
          },
          {
            "model": "wn-ac1300ex",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.02"
          },
          {
            "model": "wn-ac1600dgr",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 2.06"
          },
          {
            "model": "wn-ac583rk",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.06"
          },
          {
            "model": "wn-ac583trk",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.05"
          },
          {
            "model": "wn-ag300dgr",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.05"
          },
          {
            "model": "wn-ag750dgr",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.08"
          },
          {
            "model": "wn-ax1167gr",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 3.11"
          },
          {
            "model": "wn-g300ex",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.01"
          },
          {
            "model": "wn-g300r",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.14"
          },
          {
            "model": "wn-g300r3",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.04"
          },
          {
            "model": "wn-g300sr",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.00"
          },
          {
            "model": "wn-gx300gr",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 2.00"
          },
          {
            "model": "wnpr1167f",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.00"
          },
          {
            "model": "wnpr1167g",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.00"
          },
          {
            "model": "wnpr1750g",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.01"
          },
          {
            "model": "wnpr2600g",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware version 1.01"
          },
          {
            "model": "hdl-gtr series",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.37"
          },
          {
            "model": "hdl-gt series",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.37"
          },
          {
            "model": "hdl-xv/xvw series",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=1.50"
          },
          {
            "model": "hdl-xr2u/xr2uw series",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=2.0.1"
          },
          {
            "model": "hdl-xr/xrw series",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "i o data device",
            "version": "\u003c=2.01"
          },
          {
            "model": "wn-ac1600dgr",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "2.06"
          },
          {
            "model": "wn-g300r",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.14"
          },
          {
            "model": "wn-ac1300ex",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.02"
          },
          {
            "model": "wn-g300r3",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.04"
          },
          {
            "model": "wn-ag300dgr",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.05"
          },
          {
            "model": "wn-ac1167dgr",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.02"
          },
          {
            "model": "wn-ac583trk",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.05"
          },
          {
            "model": "wn-g300sr",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.00"
          },
          {
            "model": "wn-g300ex",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.01"
          },
          {
            "model": "wn-ac583rk",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.06"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05725"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-259"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0512"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:bx-vp1",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:gv-ntx1",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:gv-ntx2",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl-a",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl-ah",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl-gt",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl-gtr",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl-t",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl-xr",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl-xr2u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl-xr2uw",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl-xrw",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl-xv",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl-xvw",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl2-a",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hdl2-ah",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hfas1",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hls-c",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hvl-a",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hvl-at",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hvl-ata",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:hvl-s",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:whg-ac1750a",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:whg-ac1750%2fal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:whg-napga",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:whg-napgal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-ac1167dgr",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-ac1300ex",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-ac1600dgr",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-ac583rk",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-ac583trk",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-ag300dgr",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-ag750dgr",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-ax1167gr",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-g300ex",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-g300r",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-g300r3",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-g300sr",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wn-gx300gr",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wnpr1167f",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wnpr1167g",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wnpr1750g",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:wnpr2600g",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000007"
          }
        ]
      },
      "cve": "CVE-2018-0512",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 5.1,
                "id": "CVE-2018-0512",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-000007",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 5.1,
                "id": "CNVD-2018-05725",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 5.1,
                "id": "VHN-118714",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "id": "CVE-2018-0512",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-000007",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-0512",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2018-000007",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-05725",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201802-259",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-118714",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05725"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118714"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-259"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0512"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Devices with IP address setting tool \"MagicalFinder\" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. Multiple I-O DATA network devices that incorporate \"MagicalFinder\" contain an OS command injection vulnerability (CWE-78). Taizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can log in the affected device may execute an arbitrary OS command. I-ODATADEVICEHDL-XR/XRWseries and so on are different series of network attached storage devices of Japan I-ODATADEVICE. There are operating system command injection vulnerabilities in MagicalFinder in several I-ODATADEVICE products. The following products and versions are affected: HDL-XR/XRW series with firmware version 2.01 and earlier; HDL-XR2U/XR2UW series with firmware version 2.01 and earlier; HDL-XV/XVW series with firmware version 1.50 and earlier; HDL-GT series with firmware version 1.37 and earlier; HDL-GTR series with firmware version earlier than 1.37, etc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-0512"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000007"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05725"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118714"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-0512",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVN36048131",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000007",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-259",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-05725",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-118714",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05725"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118714"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-259"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0512"
          }
        ]
      },
      "id": "VAR-201802-0652",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05725"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118714"
          }
        ],
        "trust": 1.4824074111111112
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05725"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:48:46.962000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2018/magicalfinder/"
          },
          {
            "title": "A variety of I-ODATADEVICE products MagicalFinder operating system command injection vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/122133"
          },
          {
            "title": "Multiple I-O DATA DEVICE product MagicalFinder Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78373"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05725"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-259"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-118714"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000007"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0512"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://jvn.jp/en/jp/jvn36048131/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2018/magicalfinder/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0512"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0512"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05725"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118714"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-259"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0512"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-05725"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118714"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-259"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0512"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05725"
          },
          {
            "date": "2018-02-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-118714"
          },
          {
            "date": "2018-02-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-000007"
          },
          {
            "date": "2018-02-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201802-259"
          },
          {
            "date": "2018-02-08T14:29:00.213000",
            "db": "NVD",
            "id": "CVE-2018-0512"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-05725"
          },
          {
            "date": "2018-03-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-118714"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-000007"
          },
          {
            "date": "2018-02-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201802-259"
          },
          {
            "date": "2024-11-21T03:38:23.193000",
            "db": "NVD",
            "id": "CVE-2018-0512"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-259"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple I-O DATA network devices incorporating \"MagicalFinder\" vulnerable to OS command injection",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000007"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-259"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201809-0631

    Vulnerability from variot - Updated: 2024-11-23 22:41

    Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. Several IO DATA products have security vulnerabilities

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0631",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts-wrlp\\/e",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.09.04"
          },
          {
            "model": "ts-wrlp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.09.04"
          },
          {
            "model": "ts-wrla",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "iodata",
            "version": "1.09.04"
          },
          {
            "model": "ts-wrla",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware ver.1.09.04"
          },
          {
            "model": "ts-wrlp",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware ver.1.09.04"
          },
          {
            "model": "ts-wrlp/e",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "i o data device",
            "version": "firmware ver.1.09.04"
          },
          {
            "model": "ts-wrlp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.09.04"
          },
          {
            "model": "ts-wrlp\\/e",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.09.04"
          },
          {
            "model": "ts-wrla",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "iodata",
            "version": "1.09.04"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-403"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0662"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:ts-wrla",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:i-o_data_device:ts-wrlp",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:i-o_data_device:ts-wrlp%2Fe",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          }
        ]
      },
      "cve": "CVE-2018-0662",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-0662",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 6.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-000089",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-000089",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P/BS: 5.8AV:L/AC:L/Au:N/C:P/I:P/A:P/BS:4.6",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-000089",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P/BS: 4.6",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-118864",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "id": "CVE-2018-0662",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "Low",
                "baseScore": 4.7,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-000089",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "Low",
                "baseScore": 6.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-000089",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 6.3",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Physical",
                "author": "IPA",
                "availabilityImpact": "Low",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-000089",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 4.3",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2018-000089",
                "trust": 2.4,
                "value": "Medium"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-0662",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-403",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-118864",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-118864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-403"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0662"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. Several IO DATA products have security vulnerabilities",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-0662"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118864"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN83701666",
            "trust": 2.5
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0662",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-403",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-118864",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-118864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-403"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0662"
          }
        ]
      },
      "id": "VAR-201809-0631",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-118864"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:41:41.332000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "I-O DATA DEVICE, INC. website",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
          },
          {
            "title": "Multiple I-O DATA Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84697"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-403"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-118864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0662"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://jvn.jp/en/jp/jvn83701666/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0661"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0662"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0663"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0661"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0662"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0663"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-118864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-403"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0662"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-118864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-403"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0662"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-118864"
          },
          {
            "date": "2018-08-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "date": "2018-09-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-403"
          },
          {
            "date": "2018-09-07T14:29:03.117000",
            "db": "NVD",
            "id": "CVE-2018-0662"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-118864"
          },
          {
            "date": "2019-07-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-403"
          },
          {
            "date": "2024-11-21T03:38:41.417000",
            "db": "NVD",
            "id": "CVE-2018-0662"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-403"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in multiple I-O DATA network camera products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-000089"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-403"
          }
        ],
        "trust": 0.6
      }
    }