CVE-2017-2111

MEDIUM

I-O DATA DEVICE Firmware - HTTP Header Injection

Title source: llm

Description

HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvn

http://jvn.jp/en/jp/JVN46830433/index.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96620

Vendor Advisory x_refsource_misc

http://www.iodata.jp/support/information/2017/camera201702/

Scores

CVSS v3 6.1

EPSS 0.0120

EPSS Percentile 63.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-93

Status published

Products (13)

I-O DATA DEVICE, INC./TS-PTCAM/POE firmware version 1.18 and earlier

I-O DATA DEVICE, INC./TS-WLC2 firmware version 1.18 and earlier

I-O DATA DEVICE, INC./TS-WLCE firmware version 1.18 and earlier

I-O DATA DEVICE, INC./TS-WPTCAM firmware version 1.18 and earlier

I-O DATA DEVICE, INC./TS-WPTCAM2 firmware version 1.00

I-O DATA DEVICE, INC./TS-WRLC firmware version 1.17 and earlier

iodata/ts-ptcam\/poe_firmware < 1.18

iodata/ts-ptcam_firmware < 1.18

iodata/ts-wlc2_firmware < 1.18

iodata/ts-wlce_firmware < 1.18

... and 3 more

Published Apr 28, 2017

Tracked Since Feb 18, 2026