{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-01T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to inject arbitrary web script or HTML via the (1) SYSCONTACT parameter to form/identityApply, as triggered using en/identity.asp; (2) PASSWD parameter to form/accAdd, as triggered using en/account/accedit.asp; (3) NTPSERVER parameter to form/clockApply, as triggered using en/clock.asp; (4) SERVER parameter to form/smtpclientApply, as triggered using en/smtpclient.asp; (5) SERVER parameter to form/ftpApply, as triggered using en/ftp.asp; or (6) SERVER parameter to form/httpEventApply, as triggered using en/httpevent.asp."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-05-13T23:57:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.y-cam.com/y-cam-security-fix/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1902", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to inject arbitrary web script or HTML via the (1) SYSCONTACT parameter to form/identityApply, as triggered using en/identity.asp; (2) PASSWD parameter to form/accAdd, as triggered using en/account/accedit.asp; (3) NTPSERVER parameter to form/clockApply, as triggered using en/clock.asp; (4) SERVER parameter to form/smtpclientApply, as triggered using en/smtpclient.asp; (5) SERVER parameter to form/ftpApply, as triggered using en/ftp.asp; or (6) SERVER parameter to form/httpEventApply, as triggered using en/httpevent.asp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850", "refsource": "MISC", "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850"}, {"name": "http://www.y-cam.com/y-cam-security-fix/", "refsource": "CONFIRM", "url": "http://www.y-cam.com/y-cam-security-fix/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:58:15.951Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.y-cam.com/y-cam-security-fix/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1902", "datePublished": "2015-05-14T00:00:00.000Z", "dateReserved": "2014-02-07T00:00:00.000Z", "dateUpdated": "2024-08-06T09:58:15.951Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycb004_firmware:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "C50FCDFA-1300-4973-AEBE-D7B727AEC1A7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycb004:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A00D067-234D-48F6-ACE2-997A9A60EF43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycb002_firmware:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "B505C8A9-95DC-4251-BACF-23EE8103C524", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycb002:*:*:*:*:*:*:*:*", "matchCriteriaId": "99E6969C-2AEC-42D1-9F6F-00C9423BC684", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:yck002_firmware:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "FA34B901-FEE3-4309-8BB9-CDDF5ECB3782", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:yck002:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8B2BC3A-03E6-4DC4-8C09-75997C3C56C6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:yck003_firmware:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "B9FA698D-D88E-49DA-BC07-D0CFE4B3A546", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:yck003:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A8F234B-8037-411E-8C7E-5747682EC4F8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:yceb03_firmware:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "FC0FA174-49B2-45B0-82D3-80E83D442DCF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:yceb03:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC6F6239-2D4C-4F20-BB85-301C787DD808", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycb001_firmware:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "D69ABCC8-6551-471E-9DB1-5D4070A059FD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycb001:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB507934-9855-4461-BA34-29BA70213817", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycblhd5_firmware:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "B678D585-5C88-4AB7-AF62-CF5569432A1B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycblhd5:*:*:*:*:*:*:*:*", "matchCriteriaId": "D72DBFFE-E134-41C2-9313-7AFA2720DD1F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycblb3_firmware:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "056DC1DE-E31B-4A0E-AD91-A0CD77316CBA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycblb3:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8BDB126-2B64-4B21-9684-B6BB787B3BDA", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycb003_firmware:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "6A94BD56-0745-4A7C-80D8-45C929945DAE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycb003:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7FCB56E-0BC0-4086-AC60-6EC675900EA5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycw003_firmware:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "DCA12940-3215-455D-9B5F-C158ECC10197", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycw003:*:*:*:*:*:*:*:*", "matchCriteriaId": "47FE871C-3EE0-40AB-B111-9E56BA90C7BC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycw004_firmware:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "BD1B7E67-C6F9-4493-B536-EA00963ED36A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycw004:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DD0E4C1-5293-4635-9D54-701ED3B953CC", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycbl03_firmware:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "309B01F3-DCE3-49A9-8F7E-561C2A5C3899", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycbl03:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC766B95-159C-40F7-B84E-6E6097C2EC11", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:yck004_firmware:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "E5E8F270-58F5-4CEB-9143-7F84975D9FD3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:yck004:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1301039-D3AA-476C-ADD0-25927629A88F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycw001_firmware:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "2F10FEB9-364E-48C2-8D37-DC678577574A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycw001:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A9FACF4-5E00-4CD0-A59E-34230854BCEF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:y-cam:ycw002_firmware:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "9251BC59-6F6E-4810-90D7-06472B121BD7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:y-cam:ycw002:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FF06E4B-F4C4-458D-930D-15678A9670A0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to inject arbitrary web script or HTML via the (1) SYSCONTACT parameter to form/identityApply, as triggered using en/identity.asp; (2) PASSWD parameter to form/accAdd, as triggered using en/account/accedit.asp; (3) NTPSERVER parameter to form/clockApply, as triggered using en/clock.asp; (4) SERVER parameter to form/smtpclientApply, as triggered using en/smtpclient.asp; (5) SERVER parameter to form/ftpApply, as triggered using en/ftp.asp; or (6) SERVER parameter to form/httpEventApply, as triggered using en/httpevent.asp."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en los modelos de camera Y-Cam SD Range YCB003, YCK003, y YCW003; S Range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 y YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, y YCW003; y Y-cam Original Range YCB001, YCW001, con firmware 4.30 y anteriores, permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s (1) del par\u00e1metro SYSCONTACT en form/identityApply, provocado utilizando en/identity.asp; (2) del par\u00e1metro PASSWD en form/accAdd, provocado utilizando en/account/accedit.asp; (3) del par\u00e1metro NTPSERVER en form/clockApply, provocado utlizando en/clock.asp; (4) del par\u00e1metro SERVER en form/smtpclientApply, provocado utilizando en/smtpclient.asp; (5) del par\u00e1metro SERVER en form/ftpApply, provocado utilizando en/ftp.asp; o (6) del par\u00e1metro SERVER en form/httpEventApply, provocado utilizando en/httpevent.asp."}], "id": "CVE-2014-1902", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-05-14T00:59:02.537", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.y-cam.com/y-cam-security-fix/"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.y-cam.com/y-cam-security-fix/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}