PT-2018-9001 · I O Data · Ts-Wrlp+2
Daiki Ichinose
+1
·
Published
2018-09-07
·
Updated
2018-11-01
·
CVE-2018-0663
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
I-O DATA network camera products TS-WRLP versions 1.09.04 and earlier
I-O DATA network camera products TS-WRLA versions 1.09.04 and earlier
I-O DATA network camera products TS-WRLP/E versions 1.09.04 and earlier
Description
The issue concerns the use of hardcoded credentials in the affected products, potentially allowing a remote authenticated attacker to execute arbitrary OS commands on the device.
Recommendations
For TS-WRLP versions 1.09.04 and earlier, update to a version later than 1.09.04 to resolve the issue.
For TS-WRLA versions 1.09.04 and earlier, update to a version later than 1.09.04 to resolve the issue.
For TS-WRLP/E versions 1.09.04 and earlier, update to a version later than 1.09.04 to resolve the issue.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ts-Wrla
Ts-Wrlp
Ts-Wrlp/E