JVN#96240417
Thermal camera TMC series vulnerable to insufficient technical documentation
Overview
About thermal camera TMC series, sufficient technical information is not provided.
Products Affected
All firmware versions of the following thermal cameras are affected by this vulnerability.
- 3R-TMC01
- 3R-TMC02
- 3R-TMC03
- 3R-TMC04
- 3R-TMC05
- 3R-TMC06
Description
Thermal camera TMC series provided by THREE R SOLUTION CORP. JAPAN are vulnerable to insufficient technical documentation (CWE-1059).
The related documentation does not describe the existence of the network interface, nor the internal storage for pictures and measurement data.
Impact
The user of the affected product is not aware of the internally saved data.
By accessing the affected product physically, an attacker may retrieve the internal data.
Solution
Apply the workaround
Apply the workaround according to the information provided by the developer.
For more information, refer to the information provided by the developer.
Vendor Status
| Vendor | Link |
| THREE R SOLUTION CORP. JAPAN | Points to Note When Operating and Disposing (Reselling) the Thermal Camera TMC Series (Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Comment
The analysis assumes that the user, without knowing the pictures and measurement data kept in the device, gives the device away, and the internal data is extracted from the device.
Credit
Hiroyuki Harada of Sapporo Gakuin University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2024-22028 |
| JVN iPedia |
JVNDB-2024-000002 |