HTTP Header Injection Vulnerability in TS-WPTCAM and Related Firmware by IoData
CVE-2017-2111

6.1MEDIUM

Key Information:

Vendor

I-o Data Device, Inc.

Status
Ts-WPtcam
Ts-WPtcam2
Ts-wlce
Ts-wlc2
Vendor
CVE Published:
28 April 2017

What is CVE-2017-2111?

A vulnerability in IoData's firmware products allows remote attackers to exploit HTTP header injection. This flaw may enable attackers to inject malicious HTTP headers, leading to the display of false information to users. Affected products include multiple TS-WPTCAM and related firmware versions. It is crucial for users to upgrade to the latest firmware versions to mitigate this risk.

Affected Version(s)

TS-PTCAM/POE firmware version 1.18 and earlier

TS-WLC2 firmware version 1.18 and earlier

TS-WLCE firmware version 1.18 and earlier

References

http://jvn.jp/en/jp/JVN46830433/index.html
third-party-advisoryx_refsource_JVN
http://www.securityfocus.com/bid/96620
vdb-entryx_refsource_BID
http://www.iodata.jp/support/information/2017/camera201702/
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-2111 : HTTP Header Injection Vulnerability in TS-WPTCAM and Related Firmware by IoData