CVE-2017-2112

Description

TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.

References

Link	Tags
http://jvn.jp/en/jp/JVN46830433/index.html	third party advisory vdb entry
http://www.securityfocus.com/bid/96620	third party advisory vdb entry
http://www.iodata.jp/support/information/2017/camera201702/	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2017-2112?: CVE-2017-2112 has been scored as a high severity vulnerability.
How to fix CVE-2017-2112?: To fix CVE-2017-2112, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2017-2112 being actively exploited in the wild?: It is possible that CVE-2017-2112 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~4% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2017-2112?: CVE-2017-2112 affects I-O DATA DEVICE, INC. TS-WPTCAM, I-O DATA DEVICE, INC. TS-WPTCAM2, I-O DATA DEVICE, INC. TS-WLCE, I-O DATA DEVICE, INC. TS-WLC2, I-O DATA DEVICE, INC. TS-WRLC, I-O DATA DEVICE, INC. TS-PTCAM/POE.

Description

Category

CWE-78 – Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

References

Frequently Asked Questions