Strix
26.1K

CVE-2014-1901

UnknownEPSS 1.29%

Last modified

CVE-2014-1901 is a vulnerability of currently unknown severity. Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to cause a denial of service (reboot) via a malformed (1) path parameter to en/store_main.asp, (2) item parameter to en/account/accedit.asp, or (3) emailid parameter to en/smtpclient.asp. NOTE: this issue can be exploited without authentication by leveraging CVE-2014-1900.. EPSS estimates a 1.29% chance of exploitation in the next 30 days.

Description

Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to cause a denial of service (reboot) via a malformed (1) path parameter to en/store_main.asp, (2) item parameter to en/account/accedit.asp, or (3) emailid parameter to en/smtpclient.asp. NOTE: this issue can be exploited without authentication by leveraging CVE-2014-1900.

Metrics

EPSS Probability
1.29%

66.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Y-CamYceb03 Firmware4.30
Y-CamYcb004 Firmware4.30
Y-CamYcb002 Firmware4.30
Y-CamYcbl03 Firmware4.30
Y-CamYcbl03All versions
Y-CamYcblb3 Firmware4.30
Y-CamYcblb3All versions
Y-CamYck002 Firmware4.30
Y-CamYcblhd5 Firmware4.30
Y-CamYcw003 Firmware4.30
Y-CamYcw001 Firmware4.30
Y-CamYcw002 Firmware4.30
Y-CamYcb001 Firmware4.30
Y-CamYcw004 Firmware4.30
Y-CamYcw004All versions
Y-CamYck003 Firmware4.30
Y-CamYck004 Firmware4.30
Y-CamYcb003 Firmware4.30

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2014-1901?
Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to cause a denial of service (reboot) via a malformed (1) path parameter to en/store_main.asp, (2) item parameter to en/account/accedit.asp, or (3) emailid parameter to en/smtpclient.asp. NOTE: this issue can be exploited without authentication by leveraging CVE-2014-1900.
How severe is CVE-2014-1901?
Severity scoring for CVE-2014-1901 is pending analysis. The EPSS model estimates a 1.29% probability of exploitation in the next 30 days.
How do I fix CVE-2014-1901?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-1901?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST