Published: 2025/04/24  Last Updated: 2025/04/24

JVN#84627857
i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key

Overview

i-PRO Configuration Tool provided by i-PRO Co., Ltd. contains a vulnerability caused by the use of a hard-coded cryptographic key.

Products Affected

  • Network System for i-PRO Co., Ltd. Surveillance Cameras and Recorders
For details of the affected product names and versions, refer to the information provided by the developer.

Description

i-PRO Configuration Tool provided by i-PRO Co., Ltd. contains the following vulnerability.

  • Use of hard-coded cryptographic key (CWE-321)
    • CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score: 6.8
    • CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score: 5.5
    • CVE-2025-32730

Impact

A local authenticated attacker who can access the tool may be able to use the authentication information of the last connected surveillance cameras and recorders.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.

Vendor Status

Vendor Link
i-PRO Co., Ltd. Advisory
Release Notes
Download

Credit

Diego Giubertoni of Nozomi Networks Inc. reported this vulnerability to i-PRO Co., Ltd. and coordinated with the developer.
After the coordination was completed, i-PRO Co., Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.

Other Information

CVE: CVE-2025-32730
JVN iPedia: JVNDB-2025-000028