CVE-2017-2111

MEDIUM

TS-* - Info Disclosure

Title source: llm

Description

HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information.

References (3)

[Third Party Advisory, VDB Entry] http://jvn.jp/en/jp/JVN46830433/index.html

[Vendor Advisory] http://www.iodata.jp/support/information/2017/camera201702/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96620

Scores

CVSS v3 6.1

EPSS 0.0034

EPSS Percentile 56.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-93

Status published

Affected Products (13)

iodata/ts-ptcam\/poe_firmware < 1.18

iodata/ts-ptcam_firmware < 1.18

iodata/ts-wrlc_firmware < 1.17

iodata/ts-wlc2_firmware < 1.18

iodata/ts-wlce_firmware < 1.18

iodata/ts-wptcam2_firmware

iodata/ts-wptcam_firmware < 1.18

I-O DATA DEVICE, INC./TS-WPTCAM < firmware version 1.18 and earlier

I-O DATA DEVICE, INC./TS-WPTCAM2 < firmware version 1.00

I-O DATA DEVICE, INC./TS-WLCE < firmware version 1.18 and earlier

I-O DATA DEVICE, INC./TS-WLC2 < firmware version 1.18 and earlier

I-O DATA DEVICE, INC./TS-WRLC < firmware version 1.17 and earlier

I-O DATA DEVICE, INC./TS-PTCAM/POE < firmware version 1.18 and earlier

Timeline

Published Apr 28, 2017

Tracked Since Feb 18, 2026