Arbitrary OS Command Execution and Information Leakage in I-O DATA Network Cameras

Arbitrary OS Command Execution and Information Leakage in I-O DATA Network Cameras

CVE-2018-0661 · HIGH Severity

AV:A/AC:L/AU:N/C:C/I:C/A:C

Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration.

Learn more about our Network Penetration Testing.