CVE-2014-1901 (GCVE-0-2014-1901)

Vulnerability from cvelistv5 – Published: 2015-05-14 00:00 – Updated: 2024-08-06 09:58
VLAI?
Summary
Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to cause a denial of service (reboot) via a malformed (1) path parameter to en/store_main.asp, (2) item parameter to en/account/accedit.asp, or (3) emailid parameter to en/smtpclient.asp. NOTE: this issue can be exploited without authentication by leveraging CVE-2014-1900.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2014-05-01 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:58:15.491Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.y-cam.com/y-cam-security-fix/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to cause a denial of service (reboot) via a malformed (1) path parameter to en/store_main.asp, (2) item parameter to en/account/accedit.asp, or (3) emailid parameter to en/smtpclient.asp.  NOTE: this issue can be exploited without authentication by leveraging CVE-2014-1900."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-05-13T23:57:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.y-cam.com/y-cam-security-fix/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-1901",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to cause a denial of service (reboot) via a malformed (1) path parameter to en/store_main.asp, (2) item parameter to en/account/accedit.asp, or (3) emailid parameter to en/smtpclient.asp.  NOTE: this issue can be exploited without authentication by leveraging CVE-2014-1900."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850",
              "refsource": "MISC",
              "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850"
            },
            {
              "name": "http://www.y-cam.com/y-cam-security-fix/",
              "refsource": "CONFIRM",
              "url": "http://www.y-cam.com/y-cam-security-fix/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-1901",
    "datePublished": "2015-05-14T00:00:00.000Z",
    "dateReserved": "2014-02-07T00:00:00.000Z",
    "dateUpdated": "2024-08-06T09:58:15.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2014-1901",
      "date": "2026-05-01",
      "epss": "0.00623",
      "percentile": "0.70208"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-1901\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-05-14T00:59:01.303\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to cause a denial of service (reboot) via a malformed (1) path parameter to en/store_main.asp, (2) item parameter to en/account/accedit.asp, or (3) emailid parameter to en/smtpclient.asp.  NOTE: this issue can be exploited without authentication by leveraging CVE-2014-1900.\"},{\"lang\":\"es\",\"value\":\"Los modelos de las cameras Y-Cam SD Range YCB003, YCK003, y YCW003; S Range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 y YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, y YCW003; y Y-cam Original Range YCB001, YCW001, con firmware 4.30 y anteriores, permiten a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (reinicio) a trav\u00e9s de (1) un par\u00e1metro de ruta malformado en en/store_main.asp, (2) un par\u00e1metro item malformado en en/account/accedit.asp, o (3) un par\u00e1metro emailid malformado en en/smtpclient.asp. NOTA: este problema puede ser explotado sin autenticaci\u00f3n mediante el aprovechamiento de CVE-2014-1900.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:C\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:y-cam:yceb03_firmware:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC0FA174-49B2-45B0-82D3-80E83D442DCF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:y-cam:yceb03:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC6F6239-2D4C-4F20-BB85-301C787DD808\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:y-cam:ycb004_firmware:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C50FCDFA-1300-4973-AEBE-D7B727AEC1A7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:y-cam:ycb004:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A00D067-234D-48F6-ACE2-997A9A60EF43\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:y-cam:ycb002_firmware:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B505C8A9-95DC-4251-BACF-23EE8103C524\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:y-cam:ycb002:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99E6969C-2AEC-42D1-9F6F-00C9423BC684\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:y-cam:ycbl03_firmware:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"309B01F3-DCE3-49A9-8F7E-561C2A5C3899\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:y-cam:ycbl03:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC766B95-159C-40F7-B84E-6E6097C2EC11\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:y-cam:ycblb3_firmware:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"056DC1DE-E31B-4A0E-AD91-A0CD77316CBA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:y-cam:ycblb3:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8BDB126-2B64-4B21-9684-B6BB787B3BDA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:y-cam:yck002_firmware:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA34B901-FEE3-4309-8BB9-CDDF5ECB3782\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:y-cam:yck002:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8B2BC3A-03E6-4DC4-8C09-75997C3C56C6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:y-cam:ycblhd5_firmware:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B678D585-5C88-4AB7-AF62-CF5569432A1B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:y-cam:ycblhd5:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D72DBFFE-E134-41C2-9313-7AFA2720DD1F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:y-cam:ycw003_firmware:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCA12940-3215-455D-9B5F-C158ECC10197\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:y-cam:ycw003:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47FE871C-3EE0-40AB-B111-9E56BA90C7BC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:y-cam:ycw001_firmware:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F10FEB9-364E-48C2-8D37-DC678577574A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:y-cam:ycw001:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A9FACF4-5E00-4CD0-A59E-34230854BCEF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:y-cam:ycw002_firmware:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9251BC59-6F6E-4810-90D7-06472B121BD7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:y-cam:ycw002:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FF06E4B-F4C4-458D-930D-15678A9670A0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:y-cam:ycb001_firmware:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D69ABCC8-6551-471E-9DB1-5D4070A059FD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:y-cam:ycb001:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB507934-9855-4461-BA34-29BA70213817\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:y-cam:ycw004_firmware:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD1B7E67-C6F9-4493-B536-EA00963ED36A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:y-cam:ycw004:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DD0E4C1-5293-4635-9D54-701ED3B953CC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:y-cam:yck003_firmware:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9FA698D-D88E-49DA-BC07-D0CFE4B3A546\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:y-cam:yck003:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A8F234B-8037-411E-8C7E-5747682EC4F8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:y-cam:yck004_firmware:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5E8F270-58F5-4CEB-9143-7F84975D9FD3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:y-cam:yck004:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1301039-D3AA-476C-ADD0-25927629A88F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:y-cam:ycb003_firmware:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A94BD56-0745-4A7C-80D8-45C929945DAE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:y-cam:ycb003:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7FCB56E-0BC0-4086-AC60-6EC675900EA5\"}]}]}],\"references\":[{\"url\":\"http://www.y-cam.com/y-cam-security-fix/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.y-cam.com/y-cam-security-fix/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.