FKIE_CVE-2014-1902
Vulnerability from fkie_nvd - Published: 2015-05-14 00:59 - Updated: 2025-04-12 10:46
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to inject arbitrary web script or HTML via the (1) SYSCONTACT parameter to form/identityApply, as triggered using en/identity.asp; (2) PASSWD parameter to form/accAdd, as triggered using en/account/accedit.asp; (3) NTPSERVER parameter to form/clockApply, as triggered using en/clock.asp; (4) SERVER parameter to form/smtpclientApply, as triggered using en/smtpclient.asp; (5) SERVER parameter to form/ftpApply, as triggered using en/ftp.asp; or (6) SERVER parameter to form/httpEventApply, as triggered using en/httpevent.asp.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| y-cam | ycb004_firmware | 4.30 |
| y-cam | ycb004 | * |
| y-cam | ycb002_firmware | 4.30 |
| y-cam | ycb002 | * |
| y-cam | yck002_firmware | 4.30 |
| y-cam | yck002 | * |
| y-cam | yck003_firmware | 4.30 |
| y-cam | yck003 | * |
| y-cam | yceb03_firmware | 4.30 |
| y-cam | yceb03 | * |
| y-cam | ycb001_firmware | 4.30 |
| y-cam | ycb001 | * |
| y-cam | ycblhd5_firmware | 4.30 |
| y-cam | ycblhd5 | * |
| y-cam | ycblb3_firmware | 4.30 |
| y-cam | ycblb3 | * |
| y-cam | ycb003_firmware | 4.30 |
| y-cam | ycb003 | * |
| y-cam | ycw003_firmware | 4.30 |
| y-cam | ycw003 | * |
| y-cam | ycw004_firmware | 4.30 |
| y-cam | ycw004 | * |
| y-cam | ycbl03_firmware | 4.30 |
| y-cam | ycbl03 | * |
| y-cam | yck004_firmware | 4.30 |
| y-cam | yck004 | * |
| y-cam | ycw001_firmware | 4.30 |
| y-cam | ycw001 | * |
| y-cam | ycw002_firmware | 4.30 |
| y-cam | ycw002 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycb004_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C50FCDFA-1300-4973-AEBE-D7B727AEC1A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycb004:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A00D067-234D-48F6-ACE2-997A9A60EF43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycb002_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B505C8A9-95DC-4251-BACF-23EE8103C524",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycb002:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99E6969C-2AEC-42D1-9F6F-00C9423BC684",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:yck002_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "FA34B901-FEE3-4309-8BB9-CDDF5ECB3782",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:yck002:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8B2BC3A-03E6-4DC4-8C09-75997C3C56C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:yck003_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B9FA698D-D88E-49DA-BC07-D0CFE4B3A546",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:yck003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8F234B-8037-411E-8C7E-5747682EC4F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:yceb03_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "FC0FA174-49B2-45B0-82D3-80E83D442DCF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:yceb03:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6F6239-2D4C-4F20-BB85-301C787DD808",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycb001_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D69ABCC8-6551-471E-9DB1-5D4070A059FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycb001:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB507934-9855-4461-BA34-29BA70213817",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycblhd5_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B678D585-5C88-4AB7-AF62-CF5569432A1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycblhd5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D72DBFFE-E134-41C2-9313-7AFA2720DD1F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycblb3_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "056DC1DE-E31B-4A0E-AD91-A0CD77316CBA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycblb3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8BDB126-2B64-4B21-9684-B6BB787B3BDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycb003_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "6A94BD56-0745-4A7C-80D8-45C929945DAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycb003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FCB56E-0BC0-4086-AC60-6EC675900EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycw003_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "DCA12940-3215-455D-9B5F-C158ECC10197",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycw003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47FE871C-3EE0-40AB-B111-9E56BA90C7BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycw004_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1B7E67-C6F9-4493-B536-EA00963ED36A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycw004:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD0E4C1-5293-4635-9D54-701ED3B953CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycbl03_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "309B01F3-DCE3-49A9-8F7E-561C2A5C3899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycbl03:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC766B95-159C-40F7-B84E-6E6097C2EC11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:yck004_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E8F270-58F5-4CEB-9143-7F84975D9FD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:yck004:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1301039-D3AA-476C-ADD0-25927629A88F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycw001_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "2F10FEB9-364E-48C2-8D37-DC678577574A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycw001:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9FACF4-5E00-4CD0-A59E-34230854BCEF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:y-cam:ycw002_firmware:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "9251BC59-6F6E-4810-90D7-06472B121BD7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:y-cam:ycw002:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF06E4B-F4C4-458D-930D-15678A9670A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to inject arbitrary web script or HTML via the (1) SYSCONTACT parameter to form/identityApply, as triggered using en/identity.asp; (2) PASSWD parameter to form/accAdd, as triggered using en/account/accedit.asp; (3) NTPSERVER parameter to form/clockApply, as triggered using en/clock.asp; (4) SERVER parameter to form/smtpclientApply, as triggered using en/smtpclient.asp; (5) SERVER parameter to form/ftpApply, as triggered using en/ftp.asp; or (6) SERVER parameter to form/httpEventApply, as triggered using en/httpevent.asp."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en los modelos de camera Y-Cam SD Range YCB003, YCK003, y YCW003; S Range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 y YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, y YCW003; y Y-cam Original Range YCB001, YCW001, con firmware 4.30 y anteriores, permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s (1) del par\u00e1metro SYSCONTACT en form/identityApply, provocado utilizando en/identity.asp; (2) del par\u00e1metro PASSWD en form/accAdd, provocado utilizando en/account/accedit.asp; (3) del par\u00e1metro NTPSERVER en form/clockApply, provocado utlizando en/clock.asp; (4) del par\u00e1metro SERVER en form/smtpclientApply, provocado utilizando en/smtpclient.asp; (5) del par\u00e1metro SERVER en form/ftpApply, provocado utilizando en/ftp.asp; o (6) del par\u00e1metro SERVER en form/httpEventApply, provocado utilizando en/httpevent.asp."
}
],
"id": "CVE-2014-1902",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-05-14T00:59:02.537",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.y-cam.com/y-cam-security-fix/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.y-cam.com/y-cam-security-fix/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}