CVE-2014-1900

Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote attackers to bypass authentication and obtain sensitive information via a leading "/./" in a request to en/account/accedit.asp.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
y-camycb002_firmware
4.30
y-camycb004_firmware
4.30
y-camycw003_firmware
4.30
y-camycb001_firmware
4.30
y-camycblhd5_firmware
4.30
y-camycbl03_firmware
4.30
y-camycbl03
*
y-camycblb3_firmware
4.30
y-camycblb3
*
y-camycw001_firmware
4.30
y-camyck004_firmware
4.30
y-camyck003_firmware
4.30
y-camycw004_firmware
4.30
y-camycw004
*
y-camycb003_firmware
4.30
y-camyceb03_firmware
4.30
y-camycw002_firmware
4.30
y-camyck002_firmware
4.30
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.y-cam.com/y-cam-security-fix/
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850
http://www.y-cam.com/y-cam-security-fix/
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850