Lucene search

Japan Vulnerability NotesJVN:96240417

HistoryJan 15, 2024 - 12:00 a.m.

JVN#96240417: Thermal camera TMC series vulnerable to insufficient technical documentation

2024-01-1500:00:00

Japan Vulnerability Notes

jvn.jp

thermal camera

vulnerability

insufficient documentation

unauthorized access

network interface

internal storage

workaround

firmware versions

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

20.7%

JSON

Thermal camera TMC series provided by THREE R SOLUTION CORP. JAPAN are vulnerable to insufficient technical documentation (CWE-1059).
The related documentation does not describe the existence of the network interface, nor the internal storage for pictures and measurement data.

Impact

The user of the affected product is not aware of the internally saved data.
By accessing the affected product physically, an attacker may retrieve the internal data.

Solution

Apply the workaround
Apply the workaround according to the information provided by the developer.

For more information, refer to the information provided by the developer.

Products Affected

All firmware versions of the following thermal cameras are affected by this vulnerability.

3R-TMC01
3R-TMC02
3R-TMC03
3R-TMC04
3R-TMC05
3R-TMC06

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

20.7%

JSON

Related for JVN:96240417