CVE-2017-2223

Published: Jul 7, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Affected (7)

Products: Iodata: Ts Wptcam Camera Firmware, Ts Ptcam Camera Firmware, Ts Ptcam/poe Camera Firmware, Ts Wlc2 Camera Firmware, Ts Wlce Camera Firmware, Ts Wrlc Camera Firmware, Ts Wptcam2 Firmware

Iodata

7 products

Ts Wptcam Camera Firmware

Ts Ptcam Camera Firmware

Ts Ptcam/poe Camera Firmware

Ts Wlc2 Camera Firmware

Ts Wlce Camera Firmware

Ts Wrlc Camera Firmware

Ts Wptcam2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Ts Wptcam Camera Firmware	Up to 1.19

Running on/with	Platform Versions
Iodata Ts Wptcam Camera	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Ts Ptcam Camera Firmware	Up to 1.19

Running on/with	Platform Versions
Iodata Ts Ptcam Camera	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Ts Ptcam/poe Camera Firmware	Up to 1.19

Running on/with	Platform Versions
Iodata Ts Ptcam/poe Camera	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Ts Wlc2 Camera Firmware	Up to 1.19

Running on/with	Platform Versions
Iodata Ts Wlc2 Camera	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Ts Wlce Camera Firmware	Up to 1.19

Running on/with	Platform Versions
Iodata Ts Wlce Camera	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Ts Wrlc Camera Firmware	Up to 1.19

Running on/with	Platform Versions
Iodata Ts Wrlc Camera	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Ts Wptcam2 Firmware	Up to 1.01

Running on/with	Platform Versions
Iodata Ts Wptcam2	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://www.iodata.jp/support/information/2017/camera201706/

Source: vultures@jpcert.or.jp

PatchVendor Advisory

http://www.securityfocus.com/bid/99144

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

https://jvn.jp/en/jp/JVN65411235/index.html

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

http://www.iodata.jp/support/information/2017/camera201706/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/99144

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://jvn.jp/en/jp/JVN65411235/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.