{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22876", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-01-14T04:14:36.610Z", "datePublished": "2026-01-16T08:17:13.902Z", "dateUpdated": "2026-01-16T13:45:02.768Z"}, "containers": {"cna": {"affected": [{"vendor": "TOA Corporation", "product": "Multiple Network Cameras TRIFORA 3 series", "versions": [{"version": "see the information provided by the vendor", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Path Traversal vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If this vulnerability is exploited, arbitrary files on the affected product may be retrieved by a logged-in user with the low(\"monitoring user\") or higher privilege."}], "problemTypes": [{"descriptions": [{"description": "Improper limitation of a pathname to a restricted directory ('Path Traversal')", "lang": "en-US", "cweId": "CWE-22", "type": "CWE"}]}], "references": [{"url": "https://www.toa-products.com/securityinfo/pdf/tv2025-001jp.pdf"}, {"url": "https://jvn.jp/en/jp/JVN08087148/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-01-16T08:17:13.902Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-16T13:44:54.173842Z", "id": "CVE-2026-22876", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-16T13:45:02.768Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22876", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-16T13:44:54.173842Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-16T13:44:58.307Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "TOA Corporation", "product": "Multiple Network Cameras TRIFORA 3 series", "versions": [{"status": "affected", "version": "see the information provided by the vendor"}]}], "references": [{"url": "https://www.toa-products.com/securityinfo/pdf/tv2025-001jp.pdf"}, {"url": "https://jvn.jp/en/jp/JVN08087148/"}], "descriptions": [{"lang": "en", "value": "Path Traversal vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If this vulnerability is exploited, arbitrary files on the affected product may be retrieved by a logged-in user with the low(\"monitoring user\") or higher privilege."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-22", "description": "Improper limitation of a pathname to a restricted directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-01-16T08:17:13.902Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22876", "state": "PUBLISHED", "dateUpdated": "2026-01-16T13:45:02.768Z", "dateReserved": "2026-01-14T04:14:36.610Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-01-16T08:17:13.902Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Path Traversal vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If this vulnerability is exploited, arbitrary files on the affected product may be retrieved by a logged-in user with the low(\"monitoring user\") or higher privilege."}, {"lang": "es", "value": "Una vulnerabilidad de salto de ruta existe en m\u00faltiples c\u00e1maras de red de la serie TRIFORA 3 proporcionadas por TOA Corporation. Si se explota esta vulnerabilidad, archivos arbitrarios en el producto afectado pueden ser recuperados por un usuario autenticado con privilegios bajos ('usuario de monitoreo') o superiores."}], "id": "CVE-2026-22876", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-01-16T09:16:23.013", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN08087148/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.toa-products.com/securityinfo/pdf/tv2025-001jp.pdf"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T05:48:33.543375+00:00", "value": {"mitigation_remediation": ["Update the camera\u2019s firmware to a version that includes the path\u2011traversal fix, as detailed in TOA\u2019s security advisory PDF.", "Restrict or remove monitoring\u2011level user accounts from the camera\u2019s configuration, ensuring only necessary privileged users exist.", "Apply network segmentation or firewall rules to limit access to camera management interfaces to trusted hosts only."], "summary": {"action": "Patch", "impact": "Remote File Disclosure"}, "threat_synthesis": {"affected_systems": "Devices from TOA Corporation\u2019s TRIFORA 3 series network cameras are affected. Specific firmware or model versions are not enumerated in the advisory, indicating that all publicly offered TRIFORA 3 cameras may be vulnerable until a corrected firmware release is deployed.", "description_and_impact": "A path traversal flaw in the TRIFORA 3 series network cameras permits a logged-in user with monitoring or higher privileges to read arbitrary files from the device\u2019s filesystem. The vulnerability is a classic content\u2011injection error (CWE\u201122) that can lead to disclosure of configuration files, credentials, or other sensitive data, potentially compromising the camera\u2019s security and the network it serves.", "risk_and_exploitability": "The CVSS score of 7.1 reflects moderate to high impact, while the EPSS score of less than 1% suggests a low likelihood of public exploitation at this time. The vulnerability is not listed in the CISA KEV catalog, and an attacker must be authenticated as at least a monitoring user to leverage the flaw. Consequently, the risk is primarily confined to environments where such accounts exist and the cameras are exposed to internal or trusted network traffic."}}}}, "created": "2026-01-16T13:41:29.358416+00:00", "updated": "2026-04-18T06:00:08.484790+00:00", "vendors": ["toa_corporation", "toa_corporation$PRODUCT$trifora_3_series"]}