Unrated severityNVD Advisory· Published May 14, 2015· Updated May 6, 2026

CVE-2014-1902

Description

Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to inject arbitrary web script or HTML via the (1) SYSCONTACT parameter to form/identityApply, as triggered using en/identity.asp; (2) PASSWD parameter to form/accAdd, as triggered using en/account/accedit.asp; (3) NTPSERVER parameter to form/clockApply, as triggered using en/clock.asp; (4) SERVER parameter to form/smtpclientApply, as triggered using en/smtpclient.asp; (5) SERVER parameter to form/ftpApply, as triggered using en/ftp.asp; or (6) SERVER parameter to form/httpEventApply, as triggered using en/httpevent.asp.

Affected products

Y Cam/Ycbl03
cpe:2.3:h:y-cam:ycbl03:*:*:*:*:*:*:*:*
Y Cam/Ycblb3
cpe:2.3:h:y-cam:ycblb3:*:*:*:*:*:*:*:*
Y Cam/Ycw004
cpe:2.3:h:y-cam:ycw004:*:*:*:*:*:*:*:*
Y Cam/Ycb001 Firmware
cpe:2.3:o:y-cam:ycb001_firmware:4.30:*:*:*:*:*:*:*
Y Cam/Ycb002 Firmware
cpe:2.3:o:y-cam:ycb002_firmware:4.30:*:*:*:*:*:*:*
Y Cam/Ycb003 Firmware
cpe:2.3:o:y-cam:ycb003_firmware:4.30:*:*:*:*:*:*:*
Y Cam/Ycb004 Firmware
cpe:2.3:o:y-cam:ycb004_firmware:4.30:*:*:*:*:*:*:*
Y Cam/Ycbl03 Firmware
cpe:2.3:o:y-cam:ycbl03_firmware:4.30:*:*:*:*:*:*:*
Y Cam/Ycblb3 Firmware
cpe:2.3:o:y-cam:ycblb3_firmware:4.30:*:*:*:*:*:*:*
Y Cam/Ycblhd5 Firmware
cpe:2.3:o:y-cam:ycblhd5_firmware:4.30:*:*:*:*:*:*:*
Y Cam/Yceb03 Firmware
cpe:2.3:o:y-cam:yceb03_firmware:4.30:*:*:*:*:*:*:*
Y Cam/Yck002 Firmware
cpe:2.3:o:y-cam:yck002_firmware:4.30:*:*:*:*:*:*:*
Y Cam/Yck003 Firmware
cpe:2.3:o:y-cam:yck003_firmware:4.30:*:*:*:*:*:*:*
Y Cam/Yck004 Firmware
cpe:2.3:o:y-cam:yck004_firmware:4.30:*:*:*:*:*:*:*
Y Cam/Ycw001 Firmware
cpe:2.3:o:y-cam:ycw001_firmware:4.30:*:*:*:*:*:*:*
Y Cam/Ycw002 Firmware
cpe:2.3:o:y-cam:ycw002_firmware:4.30:*:*:*:*:*:*:*
Y Cam/Ycw003 Firmware
cpe:2.3:o:y-cam:ycw003_firmware:4.30:*:*:*:*:*:*:*
Y Cam/Ycw004 Firmware
cpe:2.3:o:y-cam:ycw004_firmware:4.30:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.y-cam.com/y-cam-security-fix/nvdPatchVendor Advisory
www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/nvdExploit

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000