First published: Fri Sep 07 2018(Updated: )
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Iodata Ts-wrlp Firmware | <=1.09.04 | |
Iodata Ts-wrlp | ||
Iodata Ts-wrlp\/e Firmware | <=1.09.04 | |
Iodata Ts-wrlp\/e | ||
Iodata Ts-wrla Firmware | <=1.09.04 | |
Iodata Ts-wrla |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2018-0661 is high with a severity value of 8.8.
Multiple I-O DATA network camera products are affected by CVE-2018-0661 including TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, and TS-WRLP/E firmware Ver.1.09.04 and earlier.
CVE-2018-0661 allows an attacker on the same network segment to bypass access restriction and add files on a specific directory, potentially resulting in unauthorized access or other security issues.
An attacker can exploit CVE-2018-0661 by being on the same network segment as the vulnerable I-O DATA network camera products and bypassing access restrictions to add files on a specific directory.
Yes, you can find more information about CVE-2018-0661 at the following references: [JVN83701666](http://jvn.jp/en/jp/JVN83701666/index.html) and [IODATA website](http://www.iodata.jp/support/information/2018/ts-wrlp/).