Lucene search

MitreCVE-2014-1902

HistoryMay 14, 2015 - 12:59 a.m.

CVE-2014-1902

2015-05-1400:59:02

CWE-79

mitre

web.nvd.nist.gov

cve-2014-1902

cross-site scripting

xss

y-cam

camera

firmware 4.30

security vulnerability

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to inject arbitrary web script or HTML via the (1) SYSCONTACT parameter to form/identityApply, as triggered using en/identity.asp; (2) PASSWD parameter to form/accAdd, as triggered using en/account/accedit.asp; (3) NTPSERVER parameter to form/clockApply, as triggered using en/clock.asp; (4) SERVER parameter to form/smtpclientApply, as triggered using en/smtpclient.asp; (5) SERVER parameter to form/ftpApply, as triggered using en/ftp.asp; or (6) SERVER parameter to form/httpEventApply, as triggered using en/httpevent.asp.

Affected configurations

Nvd

Node

y-camycb004_firmwareMatch4.30

AND

y-camycb004

Node

y-camycb002_firmwareMatch4.30

AND

y-camycb002

Node

y-camyck002_firmwareMatch4.30

AND

y-camyck002

Node

y-camyck003_firmwareMatch4.30

AND

y-camyck003

Node

y-camyceb03_firmwareMatch4.30

AND

y-camyceb03

Node

y-camycb001_firmwareMatch4.30

AND

y-camycb001

Node

y-camycblhd5_firmwareMatch4.30

AND

y-camycblhd5

Node

y-camycblb3_firmwareMatch4.30

AND

y-camycblb3

Node

y-camycb003_firmwareMatch4.30

AND

y-camycb003

Node

y-camycw003_firmwareMatch4.30

AND

y-camycw003

Node

y-camycw004_firmwareMatch4.30

AND

y-camycw004

Node

y-camycbl03_firmwareMatch4.30

AND

y-camycbl03

Node

y-camyck004_firmwareMatch4.30

AND

y-camyck004

Node

y-camycw001_firmwareMatch4.30

AND

y-camycw001

Node

y-camycw002_firmwareMatch4.30

AND

y-camycw002

VendorProductVersionCPE
y-camycb004_firmware4.30cpe:2.3:o:y-cam:ycb004_firmware:4.30:*:*:*:*:*:*:*
y-camycb004*cpe:2.3:h:y-cam:ycb004:*:*:*:*:*:*:*:*
y-camycb002_firmware4.30cpe:2.3:o:y-cam:ycb002_firmware:4.30:*:*:*:*:*:*:*
y-camycb002*cpe:2.3:h:y-cam:ycb002:*:*:*:*:*:*:*:*
y-camyck002_firmware4.30cpe:2.3:o:y-cam:yck002_firmware:4.30:*:*:*:*:*:*:*
y-camyck002*cpe:2.3:h:y-cam:yck002:*:*:*:*:*:*:*:*
y-camyck003_firmware4.30cpe:2.3:o:y-cam:yck003_firmware:4.30:*:*:*:*:*:*:*
y-camyck003*cpe:2.3:h:y-cam:yck003:*:*:*:*:*:*:*:*
y-camyceb03_firmware4.30cpe:2.3:o:y-cam:yceb03_firmware:4.30:*:*:*:*:*:*:*
y-camyceb03*cpe:2.3:h:y-cam:yceb03:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
y-cam	ycb004_firmware	4.30	cpe:2.3:o:y-cam:ycb004_firmware:4.30:::::::*
y-cam	ycb004	*	cpe:2.3:h:y-cam:ycb004::::::::
y-cam	ycb002_firmware	4.30	cpe:2.3:o:y-cam:ycb002_firmware:4.30:::::::*
y-cam	ycb002	*	cpe:2.3:h:y-cam:ycb002::::::::
y-cam	yck002_firmware	4.30	cpe:2.3:o:y-cam:yck002_firmware:4.30:::::::*
y-cam	yck002	*	cpe:2.3:h:y-cam:yck002::::::::
y-cam	yck003_firmware	4.30	cpe:2.3:o:y-cam:yck003_firmware:4.30:::::::*
y-cam	yck003	*	cpe:2.3:h:y-cam:yck003::::::::
y-cam	yceb03_firmware	4.30	cpe:2.3:o:y-cam:yceb03_firmware:4.30:::::::*
y-cam	yceb03	*	cpe:2.3:h:y-cam:yceb03::::::::

Rows per page:

1-10 of 301

References

www.y-cam.com/y-cam-security-fix/

www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

Related for CVE-2014-1902