Cross-Site Request Forgery Vulnerability in I-O DATA TS-WPTCAM Series Products
CVE-2017-2223

8.8HIGH

Key Information:

Vendor

I-o Data Device, Inc.

Status
Ts-WPtcam
Ts-ptcam
Ts-ptcam/poe
Ts-wlc2
Vendor
CVE Published:
7 July 2017

What is CVE-2017-2223?

A cross-site request forgery (CSRF) vulnerability exists in I-O DATA's TS-WPTCAM and related firmware versions. This flaw allows remote attackers to exploit the authentication mechanism of the device, potentially hijacking an administrator’s session through unspecified vectors. The vulnerability primarily affects various models, including the TS-WPTCAM and TS-PTCAM series, where exploitations could lead to unauthorized administrative access, undermining the security protocols in place.

Affected Version(s)

TS-PTCAM firmware version 1.19 and earlier

TS-PTCAM/POE firmware version 1.19 and earlier

TS-WLC2 firmware version 1.19 and earlier

References

http://www.iodata.jp/support/information/2017/camera201706/
x_refsource_MISC
http://www.securityfocus.com/bid/99144
vdb-entryx_refsource_BID
https://jvn.jp/en/jp/JVN65411235/index.html
third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-2223 : Cross-Site Request Forgery Vulnerability in I-O DATA TS-WPTCAM Series Products