CVE-2017-2111

Published: Apr 28, 2017Modified: May 13, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information.

Affected (7)

Products: Iodata: Ts Ptcam/poe Firmware, Ts Ptcam Firmware, Ts Wrlc Firmware, Ts Wlc2 Firmware, Ts Wlce Firmware, Ts Wptcam2 Firmware, Ts Wptcam Firmware

Iodata

7 products

Ts Ptcam/poe Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Ts Ptcam/poe Firmware	Up to 1.18

Running on/with	Platform Versions
Iodata Ts Ptcam/poe	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Ts Ptcam Firmware	Up to 1.18

Running on/with	Platform Versions
Iodata Ts Ptcam	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Ts Wrlc Firmware	Up to 1.17

Running on/with	Platform Versions
Iodata Ts Wrlc	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Ts Wlc2 Firmware	Up to 1.18

Running on/with	Platform Versions
Iodata Ts Wlc2	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Ts Wlce Firmware	Up to 1.18

Running on/with	Platform Versions
Iodata Ts Wlce	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Ts Wptcam2 Firmware	Version 1.00

Running on/with	Platform Versions
Iodata Ts Wptcam2	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Ts Wptcam Firmware	Up to 1.18

Running on/with	Platform Versions
Iodata Ts Wptcam	All versions

Related CWEs

CWE-93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

References (6)

http://jvn.jp/en/jp/JVN46830433/index.html

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

http://www.iodata.jp/support/information/2017/camera201702/

Source: vultures@jpcert.or.jp

Vendor Advisory

http://www.securityfocus.com/bid/96620

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

http://jvn.jp/en/jp/JVN46830433/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.iodata.jp/support/information/2017/camera201702/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/96620

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.