CVE-2018-0663 in TS-WRLP
Summary
by MITRE
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow a remote authenticated attacker to execute arbitrary OS commands on the device via an unspecified vector.
Analysis
by VulDB Data Team • 03/21/2020
The vulnerability identified as CVE-2018-0663 affects multiple network camera models manufactured by I-O DATA, specifically the TS-WRLP, TS-WRLA, and TS-WRLP/E device lines. Devices running firmware versions 1.09.04 and earlier are affected, a significant security exposure for the numerous deployed surveillance systems that use them. The flaw resides in the hardcoded credentials in the device firmware, a fundamental architectural weakness that undermines the security posture of these network cameras.
This vulnerability stems from the improper implementation of authentication mechanisms where default credentials are embedded directly within the firmware code rather than being dynamically generated or securely stored. The hardcoded credentials create a persistent backdoor that allows remote authenticated attackers to gain access to the device's operating system. According to CWE-798, this represents a weakness where sensitive information is hardcoded in the application, making it accessible to anyone who can access the firmware or network traffic. The vulnerability permits arbitrary OS command execution, which provides attackers with complete control over the affected devices.
The operational impact of this vulnerability is severe, as it enables attackers to execute malicious commands on the compromised network cameras, potentially leading to complete system compromise. Attackers can leverage these hardcoded credentials to gain root access to the device, allowing them to modify configurations, extract stored data, install malicious software, or use the device as a pivot point for attacking other systems within the network. Because the attack is remote and authenticated, an attacker needs only valid credentials to access the device and can then execute commands that could compromise the entire surveillance infrastructure. This vulnerability directly maps to ATT&CK technique T1059.001 for command and scripting interpreter and T1021.001 for remote services, as it enables remote code execution through legitimate network services.
Mitigation strategies for CVE-2018-0663 primarily involve firmware updates from I-O DATA that address the hardcoded credential issue and implement proper authentication mechanisms. Organizations should immediately update all affected devices to the latest firmware versions that resolve this vulnerability. Additionally, network segmentation should be implemented to isolate surveillance systems from critical network segments, and access controls should be enforced to limit who can authenticate to these devices. Security monitoring should be enhanced to detect unusual authentication patterns or command execution attempts on network cameras. The implementation of network access control lists and regular security audits of networked devices will help prevent exploitation of this vulnerability. Organizations should also consider disabling unnecessary network services and implementing strong, unique credentials for each device rather than relying on hardcoded defaults. Regular vulnerability assessments and penetration testing of network camera deployments will help identify similar security flaws that could be exploited by threat actors.
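To support the firmware-update step above, the following added example (not part of the original advisory or any I-O DATA tooling) triages a device inventory against the affected models and the "Ver.1.09.04 and earlier" range stated in the summary. The CSV layout, hostnames and sample versions are constructed, and the three-part version format is an assumption based on the version string shown on this page.

```python
import csv
import io
import re

# Affected models and last vulnerable firmware, taken from the advisory text.
AFFECTED_MODELS = {"TS-WRLP", "TS-WRLA", "TS-WRLP/E"}
LAST_VULNERABLE = (1, 9, 4)  # "Ver.1.09.04 and earlier"

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """\
host,model,firmware
cam-lobby,TS-WRLP,Ver.1.09.04
cam-dock,ts-wrla,1.08.12
cam-gate,TS-WRLP/E,Ver.1.10.00
cam-roof,TS-WRLA,unknown
nvr-01,OTHER-NVR,2.0.1
"""

def parse_firmware(text):
    """Return the version as a tuple of ints, or None if it cannot be parsed."""
    m = re.fullmatch(r"(?i)\s*(?:ver\.?|v)?\s*(\d+)\.(\d+)\.(\d+)\s*", text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(model, firmware):
    """Classify one device as 'affected', 'newer', 'unknown' or 'not-listed'."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-listed"
    version = parse_firmware(firmware)
    if version is None:
        return "unknown"  # listed model, unreadable version: check by hand
    # Zero-padded fields compare numerically: 1.09.04 < 1.10.00.
    return "affected" if version <= LAST_VULNERABLE else "newer"

def triage(inventory_csv):
    """Group hosts from a CSV inventory (host,model,firmware) by status."""
    result = {"affected": [], "newer": [], "unknown": [], "not-listed": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row["model"], row["firmware"])].append(row["host"])
    return result

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Devices reported as "unknown" are listed models whose version string could not be read and should be checked manually rather than assumed safe.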