N/A

Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to cause a denial of service (reboot) via a malformed (1) path parameter to en/store_main.asp, (2) item parameter to en/account/accedit.asp, or (3) emailid parameter to en/smtpclient.asp. NOTE: this issue can be exploited without authentication by leveraging CVE-2014-1900.

N/A

N/A

多款Y-Cam产品拒绝服务漏洞

Y-Cam camera models SD range YCB003等都是英国Y-Cam公司的网络摄像机产品。 多款Y-Cam产品中存在安全漏洞，该漏洞源于en/store_main.asp文件没有充分过滤畸形的‘path’参数；en/account/accedit.asp文件没有充分过滤畸形的‘item’参数；en/smtpclient.asp文件没有充分过滤畸形的‘emailid’参数。远程攻击者可利用该漏洞造成拒绝服务（重启）。以下产品及版本受到影响：使用4.30及之前版本固件的Y-Cam cam

N/A

N/A