First published: Fri Sep 07 2018(Updated: )
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Iodata Ts-wrlp Firmware | <=1.09.04 | |
Iodata Ts-wrlp | ||
Iodata Ts-wrlp\/e Firmware | <=1.09.04 | |
Iodata Ts-wrlp\/e | ||
Iodata Ts-wrla Firmware | <=1.09.04 | |
Iodata Ts-wrla |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2018-0663 is critical with a CVSS score of 8.8.
I-O DATA network camera products TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, and TS-WRLP/E firmware Ver.1.09.04 and earlier are affected by CVE-2018-0663.
CVE-2018-0663 is a vulnerability in multiple I-O DATA network camera products that use hardcoded credentials, allowing a remote authenticated attacker to execute arbitrary OS commands on the device.
An attacker can exploit CVE-2018-0663 by using the hardcoded credentials to authenticate remotely and then execute arbitrary OS commands on the vulnerable I-O DATA network camera.
Yes, TS-WRLP and TS-WRLP/E models with firmware Ver.1.09.04 and earlier are vulnerable to CVE-2018-0663.