FKIE_CVE-2014-1900
Vulnerability from fkie_nvd - Published: 2015-05-14 00:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote attackers to bypass authentication and obtain sensitive information via a leading "/./" in a request to en/account/accedit.asp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| y-cam | ycb002_firmware | 4.30 | |
| y-cam | ycb002 | * | |
| y-cam | ycb004_firmware | 4.30 | |
| y-cam | ycb004 | * | |
| y-cam | ycw003_firmware | 4.30 | |
| y-cam | ycw003 | * | |
| y-cam | ycb001_firmware | 4.30 | |
| y-cam | ycb001 | * | |
| y-cam | ycblhd5_firmware | 4.30 | |
| y-cam | ycblhd5 | * | |
| y-cam | ycbl03_firmware | 4.30 | |
| y-cam | ycbl03 | * | |
| y-cam | ycblb3_firmware | 4.30 | |
| y-cam | ycblb3 | * | |
| y-cam | ycw001_firmware | 4.30 | |
| y-cam | ycw001 | * | |
| y-cam | yck004_firmware | 4.30 | |
| y-cam | yck004 | * | |
| y-cam | yck003_firmware | 4.30 | |
| y-cam | yck003 | * | |
| y-cam | ycw004_firmware | 4.30 | |
| y-cam | ycw004 | * | |
| y-cam | ycb003_firmware | 4.30 | |
| y-cam | ycb003 | * | |
| y-cam | yceb03_firmware | 4.30 | |
| y-cam | yceb03 | * | |
| y-cam | ycw002_firmware | 4.30 | |
| y-cam | ycw002 | * | |
| y-cam | yck002_firmware | 4.30 | |
| y-cam | yck002 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycb002_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B505C8A9-95DC-4251-BACF-23EE8103C524",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycb002:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6969C-2AEC-42D1-9F6F-00C9423BC684",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycb004_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C50FCDFA-1300-4973-AEBE-D7B727AEC1A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycb004:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A00D067-234D-48F6-ACE2-997A9A60EF43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycw003_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "DCA12940-3215-455D-9B5F-C158ECC10197",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycw003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47FE871C-3EE0-40AB-B111-9E56BA90C7BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycb001_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D69ABCC8-6551-471E-9DB1-5D4070A059FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycb001:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB507934-9855-4461-BA34-29BA70213817",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycblhd5_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B678D585-5C88-4AB7-AF62-CF5569432A1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycblhd5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D72DBFFE-E134-41C2-9313-7AFA2720DD1F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycbl03_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "309B01F3-DCE3-49A9-8F7E-561C2A5C3899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycbl03:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC766B95-159C-40F7-B84E-6E6097C2EC11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycblb3_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "056DC1DE-E31B-4A0E-AD91-A0CD77316CBA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycblb3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8BDB126-2B64-4B21-9684-B6BB787B3BDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycw001_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "2F10FEB9-364E-48C2-8D37-DC678577574A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycw001:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9FACF4-5E00-4CD0-A59E-34230854BCEF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:yck004_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E8F270-58F5-4CEB-9143-7F84975D9FD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:yck004:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1301039-D3AA-476C-ADD0-25927629A88F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:yck003_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B9FA698D-D88E-49DA-BC07-D0CFE4B3A546",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:yck003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8F234B-8037-411E-8C7E-5747682EC4F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycw004_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1B7E67-C6F9-4493-B536-EA00963ED36A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycw004:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD0E4C1-5293-4635-9D54-701ED3B953CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycb003_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "6A94BD56-0745-4A7C-80D8-45C929945DAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycb003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FCB56E-0BC0-4086-AC60-6EC675900EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:yceb03_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "FC0FA174-49B2-45B0-82D3-80E83D442DCF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:yceb03:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6F6239-2D4C-4F20-BB85-301C787DD808",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycw002_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "9251BC59-6F6E-4810-90D7-06472B121BD7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycw002:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF06E4B-F4C4-458D-930D-15678A9670A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:yck002_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "FA34B901-FEE3-4309-8BB9-CDDF5ECB3782",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:yck002:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8B2BC3A-03E6-4DC4-8C09-75997C3C56C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote attackers to bypass authentication and obtain sensitive information via a leading \"/./\" in a request to en/account/accedit.asp."
},
{
"lang": "es",
"value": "Los modelos de las cameras Y-Cam SD Range YCB003, YCK003, e YCW003; S Range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 e YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, e YCW003; e Y-cam Original Range YCB001, YCW001, con firmware 4.30 y anteriores, permiten a atacantes remotos evadir la autenticaci\u00f3n y obtener informaci\u00f3n sensible a trav\u00e9s de un \u0027/./\u0027 de inicio en una solicitud en en/account/accedit.asp."
}
],
"id": "CVE-2014-1900",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-14T00:59:00.083",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.y-cam.com/y-cam-security-fix/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.y-cam.com/y-cam-security-fix/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…