CVE-2018-0661

Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
iodatats-wrlp_firmware
𝑥
≤ 1.09.04
iodatats-wrlp\/e_firmware
𝑥
≤ 1.09.04
iodatats-wrla_firmware
𝑥
≤ 1.09.04
𝑥
= Vulnerable software versions
References
http://jvn.jp/en/jp/JVN83701666/index.html
http://www.iodata.jp/support/information/2018/ts-wrlp/
http://jvn.jp/en/jp/JVN83701666/index.html
http://www.iodata.jp/support/information/2018/ts-wrlp/