GCVE - cpe:2.3:h:y-cam:yceb03:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:y-cam:yceb03:*:*:*:*:*:*:*:*

part: h version: * update: *

Vendor	Y Cam (`ae9e2f47-a4c7-5b46-a5fd-438941e81dc0`)
Product	Yceb03 (`ea878014-8a35-5630-8eff-b82157ca1ff5`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-1902`	not_vulnerable	2026-06-03 14:33:48.942496	Details available Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to inject arbitrary web script or HTML via the (1) SYSCONTACT parameter to form/identityApply, as triggered using en/identity.asp; (2) PASSWD parameter to form/accAdd, as triggered using en/account/accedit.asp; (3) NTPSERVER parameter to form/clockApply, as triggered using en/clock.asp; (4) SERVER parameter to form/smtpclientApply, as triggered using en/smtpclient.asp; (5) SERVER parameter to form/ftpApply, as triggered using en/ftp.asp; or (6) SERVER parameter to form/httpEventApply, as triggered using en/httpevent.asp. Published: 2015-05-14T00:00:00.000Z Updated: 2024-08-06T09:58:15.951Z Open on db.gcve.eu Reference links https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850 http://www.y-cam.com/y-cam-security-fix/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1901`	not_vulnerable	2026-06-03 14:33:48.941184	Details available Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to cause a denial of service (reboot) via a malformed (1) path parameter to en/store_main.asp, (2) item parameter to en/account/accedit.asp, or (3) emailid parameter to en/smtpclient.asp. NOTE: this issue can be exploited without authentication by leveraging CVE-2014-1900. Published: 2015-05-14T00:00:00.000Z Updated: 2024-08-06T09:58:15.491Z Open on db.gcve.eu Reference links https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850 http://www.y-cam.com/y-cam-security-fix/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1900`	not_vulnerable	2026-06-03 14:33:48.937595	Details available Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote attackers to bypass authentication and obtain sensitive information via a leading "/./" in a request to en/account/accedit.asp. Published: 2015-05-14T00:00:00.000Z Updated: 2024-08-06T09:58:14.489Z Open on db.gcve.eu Reference links https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850 http://www.y-cam.com/y-cam-security-fix/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.