{"id": "CVE-2014-1900", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-05-14T00:59:00.083", "references": [{"url": "http://www.y-cam.com/y-cam-security-fix/", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote attackers to bypass authentication and obtain sensitive information via a leading \"/./\" in a request to en/account/accedit.asp."}, {"lang": "es", "value": "Los modelos de las cameras Y-Cam SD Range YCB003, YCK003, e YCW003; S Range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 e YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, e YCW003; e Y-cam Original Range YCB001, YCW001, con firmware 4.30 y anteriores, permiten a atacantes remotos evadir la autenticaci\u00f3n y obtener informaci\u00f3n sensible a trav\u00e9s de un '/./' de inicio en una solicitud en en/account/accedit.asp."}], "lastModified": "2015-05-15T13:28:36.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycb002_firmware:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B505C8A9-95DC-4251-BACF-23EE8103C524"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycb002:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "99E6969C-2AEC-42D1-9F6F-00C9423BC684"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycb004_firmware:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C50FCDFA-1300-4973-AEBE-D7B727AEC1A7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycb004:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8A00D067-234D-48F6-ACE2-997A9A60EF43"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycw003_firmware:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCA12940-3215-455D-9B5F-C158ECC10197"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycw003:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "47FE871C-3EE0-40AB-B111-9E56BA90C7BC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycb001_firmware:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D69ABCC8-6551-471E-9DB1-5D4070A059FD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycb001:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DB507934-9855-4461-BA34-29BA70213817"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycblhd5_firmware:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B678D585-5C88-4AB7-AF62-CF5569432A1B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycblhd5:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D72DBFFE-E134-41C2-9313-7AFA2720DD1F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycbl03_firmware:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "309B01F3-DCE3-49A9-8F7E-561C2A5C3899"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycbl03:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC766B95-159C-40F7-B84E-6E6097C2EC11"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycblb3_firmware:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "056DC1DE-E31B-4A0E-AD91-A0CD77316CBA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycblb3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8BDB126-2B64-4B21-9684-B6BB787B3BDA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycw001_firmware:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F10FEB9-364E-48C2-8D37-DC678577574A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycw001:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3A9FACF4-5E00-4CD0-A59E-34230854BCEF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:yck004_firmware:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5E8F270-58F5-4CEB-9143-7F84975D9FD3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:yck004:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1301039-D3AA-476C-ADD0-25927629A88F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:yck003_firmware:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9FA698D-D88E-49DA-BC07-D0CFE4B3A546"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:yck003:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3A8F234B-8037-411E-8C7E-5747682EC4F8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycw004_firmware:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD1B7E67-C6F9-4493-B536-EA00963ED36A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycw004:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DD0E4C1-5293-4635-9D54-701ED3B953CC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycb003_firmware:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A94BD56-0745-4A7C-80D8-45C929945DAE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycb003:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B7FCB56E-0BC0-4086-AC60-6EC675900EA5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:yceb03_firmware:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC0FA174-49B2-45B0-82D3-80E83D442DCF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:yceb03:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EC6F6239-2D4C-4F20-BB85-301C787DD808"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycw002_firmware:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9251BC59-6F6E-4810-90D7-06472B121BD7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycw002:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1FF06E4B-F4C4-458D-930D-15678A9670A0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:yck002_firmware:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA34B901-FEE3-4309-8BB9-CDDF5ECB3782"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:yck002:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B8B2BC3A-03E6-4DC4-8C09-75997C3C56C6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}