Published:2024/02/29  Last Updated:2024/02/29

JVN#77203800
OET-213H-BTS1 missing authorization check in the initial configuration

Overview

OET-213H-BTS1, developed by Zhejiang Uniview Technologies Co., Ltd. and provided by Atsumi Electric Co., Ltd., does not perform an authorization check in its initial configuration.

Products Affected

This vulnerability is reported for the following products sold in Japan by Atsumi Electric Co., Ltd.

  • OET-213H-BTS1

Description

OET-213H-BTS1 is a digital temperature measurement and face recognition terminal, developed by Zhejiang Uniview Technologies Co., Ltd. and provided by Atsumi Electric Co., Ltd.
The initial configuration of the product is insecure (CWE-1188): it does not perform an authorization check when processing API requests.

Impact

The product may be configured and controlled from within the adjacent network without authentication.

Solution

Update the configuration.
HTTP authentication can be enabled on the product.

For more details, refer to the information in the Vendor Status section below.
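As a post-remediation check (added here; not part of the JVN advisory or of any vendor material), the following Python probe reports whether an HTTP API path still answers without credentials, and exercises that probe against a constructed local stub that models the HTTP authentication setting the Solution section refers to. The API path is a placeholder, since the advisory names no endpoints.

```python
import base64
import http.server
import threading
import urllib.error
import urllib.request

# Placeholder path: the advisory does not name the device's API endpoints.
API_PATH = "/api/placeholder"


def requires_auth(base_url, path=API_PATH, timeout=5):
    """Return True if an unauthenticated GET to base_url+path is rejected
    (401/403). A 2xx answer without credentials is the insecure initial
    configuration described in the advisory, so the function returns False."""
    req = urllib.request.Request(base_url + path, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return not (200 <= resp.status < 300)
    except urllib.error.HTTPError as err:
        return err.code in (401, 403)


class _DeviceStub(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the terminal's HTTP API. The server attribute
    `auth_enabled` models the HTTP authentication setting; the credential is
    a made-up sample value, not a device default."""
    SAMPLE_CREDENTIAL = base64.b64encode(b"admin:sample-password").decode()

    def do_GET(self):
        expected = "Basic " + self.SAMPLE_CREDENTIAL
        if self.server.auth_enabled and self.headers.get("Authorization") != expected:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="device"')
            self.end_headers()
            return
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b'{"status":"ok"}')

    def log_message(self, *args):  # keep the stub quiet
        pass


def start_stub(auth_enabled):
    """Start the stub on a random loopback port; returns (server, base_url)."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _DeviceStub)
    srv.auth_enabled = auth_enabled
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]
```

Against a real device, call `requires_auth("http://<device-ip>")` with the actual API path after enabling HTTP authentication; a False result means the change has not taken effect.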

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Base Score: 8.3
Attack Vector (AV): Adjacent (A)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality Impact (C): High (H)
Integrity Impact (I): High (H)
Availability Impact (A): Low (L)
CVSS v2 AV:A/AC:L/Au:N/C:P/I:P/A:P
Base Score: 5.8
Access Vector (AV): Adjacent Network (A)
Access Complexity (AC): Low (L)
Authentication (Au): None (N)
Confidentiality Impact (C): Partial (P)
Integrity Impact (I): Partial (P)
Availability Impact (A): Partial (P)

Credit

Other Information

CVE CVE-2024-25972
JVN iPedia JVNDB-2024-000024