CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2017-2223
https://notcve.org/view.php?id=CVE-2017-2223
Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC con versiones de firmware 1.19 y anteriores y TS-WPTCAM2 con versiones de firmware 1.01 y anteriores permite que atacantes remotos secuestren la autenticación de los administradores mediante vectores sin especificar. • http://www.iodata.jp/support/information/2017/camera201706 http://www.securityfocus.com/bid/99144 https://jvn.jp/en/jp/JVN65411235/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2014-3895
https://notcve.org/view.php?id=CVE-2014-3895
The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors. La camera I-O DATA TS-WLCAM con firmware 1.06 y anteriores, la camera TS-WLCAM/V con firmware 1.06 y anteriores, la camera TS-WPTCAM con firmware 1.08 y anteriores, la camera TS-PTCAM con firmware 1.08 y anteriores, la camera TS-PTCAM/POE con firmware 1.08 y anteriores y la camera TS-WLC2 con firmware 1.02 y anteriores permiten a atacantes remotos evadir la autenticación, y como consecuencia obtener información sensible de credenciales y datos de configuración, a través de vectores no especificados. • http://jvn.jp/en/jp/JVN94592501/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000087 http://www.iodata.jp/support/information/2014/qwatch • CWE-287: Improper Authentication •