MidnightBSD

Advisories for foscam

CVE-2013-2560 HIGH

Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
foscam fi8919w *
CVE-2013-2574 MEDIUM

An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
foscam fi8620_firmware -
CVE-2013-5215 MEDIUM

Cross-site scripting (XSS) vulnerability in the web interface "WiFi scan" option in FOSCAM Wireless IP Cameras allows remote attackers to inject arbitrary web script or HTML via the SSID.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
foscam wireless_ip_camera -
CVE-2014-1849 HIGH

Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
foscam ip_camera_firmware 11.37.2.49
CVE-2014-1911 HIGH

The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitive video and image data via a blank username and password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
foscam fi8919w_firmware *
foscam fi8919w -
CVE-2016-8731 HIGH

Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
foscam c1_webcam_firmware 1.9.1.12
CVE-2017-2805 HIGH

An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted http request can cause a stack-based buffer overflow resulting in overwriting arbitrary data on the stack frame. An attacker can simply send an http request to the device to trigger this vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
foscam c1_hd_indoor_camera_firmware *
CVE-2017-2827 MEDIUM

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam c1_indoor_hd_camera_firmware 2.52.2.37
CVE-2017-2828 MEDIUM

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam c1_indoor_hd_camera_firmware 2.52.2.37
CVE-2017-2829 MEDIUM

An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the application to read a file from disk but a failure to adequately filter characters results in allowing an attacker to specify a file outside of a directory. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
foscam c1_indoor_hd_camera_firmware 2.52.2.37
CVE-2017-2830 MEDIUM

An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
foscam c1_indoor_hd_camera_firmware 2.52.2.37
CVE-2017-2831 MEDIUM

An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
foscam c1_indoor_hd_camera_firmware 2.52.2.37
CVE-2017-2832 HIGH

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
foscam c1_firmware 2.52.2.37
CVE-2017-2833 HIGH

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters resulting in command injection during the boot process. To trigger this vulnerability, an attacker needs to send an HTTP request and reboot the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
foscam c1_firmware 2.52.2.37
CVE-2017-2841 MEDIUM

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam c1_indoor_hd_camera_firmware 2.52.2.37
CVE-2017-2842 MEDIUM

In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam c1_indoor_hd_camera_firmware 2.52.2.37
CVE-2017-2843 MEDIUM

In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam c1_indoor_hd_camera_firmware 2.52.2.37
CVE-2017-2844 MEDIUM

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam c1_indoor_hd_camera_firmware 2.52.2.37
CVE-2017-2845 MEDIUM

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam c1_indoor_hd_camera_firmware 2.52.2.37
CVE-2017-2846 MEDIUM

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam c1_indoor_hd_camera_firmware 2.52.2.37
CVE-2017-2847 MEDIUM

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam c1_indoor_hd_camera_firmware 2.52.2.37
CVE-2017-2848 MEDIUM

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam c1_indoor_hd_camera_firmware 2.52.2.37
CVE-2017-2849 MEDIUM

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam c1_indoor_hd_camera_firmware 2.52.2.37
CVE-2017-2850 MEDIUM

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam c1_indoor_hd_camera_firmware 2.52.2.37
CVE-2017-2851 MEDIUM

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
foscam c1_indoor_hd_camera_firmware 2.52.2.37
CVE-2017-2854 HIGH

An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
foscam c1_firmware 2.52.2.43
CVE-2017-2855 HIGH

An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
foscam c1_firmware 2.52.2.43
CVE-2017-2856 HIGH

An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
foscam c1_firmware 2.52.2.43
CVE-2017-2857 HIGH

An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
foscam c1_firmware 2.52.2.43
CVE-2017-2871 MEDIUM

Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery using a custom image.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
foscam c1_firmware 2.52.2.43
CVE-2017-2872 HIGH

Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
foscam c1_firmware 2.52.2.43
CVE-2017-2873 MEDIUM

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam c1_firmware 2.52.2.43
CVE-2017-2874 MEDIUM

An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
foscam c1_firmware 2.52.2.43
CVE-2017-2875 MEDIUM

An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
foscam c1_firmware 2.52.2.43
CVE-2017-2876 MEDIUM

An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
foscam c1_firmware 2.52.2.43
CVE-2017-2877 HIGH

A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the user accounts to factory defaults, without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-755,

Products Affected

Vendor Product Version
foscam c1_firmware 2.52.2.43
CVE-2017-2878 MEDIUM

An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
foscam c1_firmware 2.52.2.43
CVE-2017-2879 LOW

An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer overflow resulting in overwriting arbitrary data. An attacker needs to be in the same subnetwork and reply to a discovery message to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-120,

Products Affected

Vendor Product Version
foscam c1_firmware 2.52.2.43
CVE-2017-7648 MEDIUM

Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
foscam c1_lite *
foscam fi9828p *
foscam r2 *
foscam fi9800xe *
foscam c2 *
foscam fi9851p *
foscam fi9826p *
foscam fi9928p *
foscam fi9853ep *
foscam fi9901ep *
foscam fi9903p *
foscam c1 *
CVE-2018-19063 HIGH

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19064 HIGH

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-521,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19065 MEDIUM

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded BpP+2R9*Q password in some cases.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19066 MEDIUM

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded Pxift* password in some cases.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19067 HIGH

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded Ak47@99 password for the factory~ account.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19068 MEDIUM

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19069 HIGH

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of toor.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19070 HIGH

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19071 MEDIUM

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19072 LOW

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/app has 0777 permissions, allowing local users to replace an archive file (within that directory) to control what is extracted to RAM at boot time.

CVSS 2.0

Severity: LOW

Problem Type: CWE-732,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19073 HIGH

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19074 MEDIUM

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall has no effect except for blocking port 443 and partially blocking port 88.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19075 MEDIUM

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall feature makes it easier for remote attackers to ascertain credentials and firewall rules because invalid credentials lead to error -2, whereas rule-based blocking leads to error -8.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19076 MEDIUM

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19077 HIGH

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. RtspServer allows remote attackers to cause a denial of service (daemon hang or restart) via a negative integer in the RTSP Content-Length header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19078 MEDIUM

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19079 HIGH

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-862,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19080 MEDIUM

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19081 HIGH

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-19082 HIGH

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to conduct stack-based buffer overflow attacks via the IPv4Address field.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opticam i5_application_firmware 2.21.1.128
opticam i5_system_firmware 1.5.2.11
foscam c2_application_firmware 2.72.1.32
foscam c2_system_firmware 1.11.1.8
CVE-2018-6830 MEDIUM

Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the URI path component.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
foscam fi9800p_firmware *
foscam fi9851p_firmware *
foscam fi9821ep_firmware *
foscam fi9900p_firmware *
foscam fi9826w_firmware *
foscam c1_lite_firmware *
foscam r2_firmware *
foscam fi9821p_firmware *
foscam fi9961ep_firmware *
foscam c2_firmware *
foscam fi9853ep_firmware *
foscam fi9804p_firmware *
foscam fi9828p_firmware *
foscam fi9805w_firmware *
foscam fi9901ep_firmware *
foscam fi9831p_firmware *
foscam fi9821w_firmware *
foscam fi9831w_firmware *
foscam c1_firmware *
foscam r4_firmware *
foscam fi9900ep_firmware *
foscam fi9828w_firmware *
foscam fi9816p_firmware *
foscam fi9928p_firmware *
foscam fi9818w_firmware *
foscam fi9815p_firmware *
foscam fi9803ep_firmware *
foscam fi9804w_firmware *
foscam fi9826p_firmware *
foscam fi9803p_firmware *
foscam fi9805p_firmware *
foscam fi9805e_firmware *
CVE-2018-6831 HIGH

The setSystemTime function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote authenticated users to execute arbitrary commands via a ';' in the ntpServer argument. NOTE: this issue exists because of an incomplete fix for CVE-2017-2849.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam fi9800p_firmware *
foscam fi9851p_firmware *
foscam fi9821ep_firmware *
foscam fi9900p_firmware *
foscam fi9826w_firmware *
foscam c1_lite_firmware *
foscam r2_firmware *
foscam fi9821p_firmware *
foscam fi9961ep_firmware *
foscam c2_firmware *
foscam fi9853ep_firmware *
foscam fi9804p_firmware *
foscam fi9828p_firmware *
foscam fi9805w_firmware *
foscam fi9901ep_firmware *
foscam fi9831p_firmware *
foscam fi9821w_firmware *
foscam fi9831w_firmware *
foscam c1_firmware *
foscam r4_firmware *
foscam fi9900ep_firmware *
foscam fi9828w_firmware *
foscam fi9816p_firmware *
foscam fi9928p_firmware *
foscam fi9818w_firmware *
foscam fi9815p_firmware *
foscam fi9803ep_firmware *
foscam fi9804w_firmware *
foscam fi9826p_firmware *
foscam fi9803p_firmware *
foscam fi9805p_firmware *
foscam fi9805e_firmware *
CVE-2018-6832 HIGH

Stack-based buffer overflow in the getSWFlag function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to cause a denial of service (crash and reboot), via the callbackJson parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
foscam fi9800p_firmware *
foscam fi9851p_firmware *
foscam fi9821ep_firmware *
foscam fi9900p_firmware *
foscam fi9826w_firmware *
foscam c1_lite_firmware *
foscam r2_firmware *
foscam fi9821p_firmware *
foscam fi9961ep_firmware *
foscam c2_firmware *
foscam fi9853ep_firmware *
foscam fi9804p_firmware *
foscam fi9828p_firmware *
foscam fi9805w_firmware *
foscam fi9901ep_firmware *
foscam fi9831p_firmware *
foscam fi9821w_firmware *
foscam fi9831w_firmware *
foscam c1_firmware *
foscam r4_firmware *
foscam fi9900ep_firmware *
foscam fi9828w_firmware *
foscam fi9816p_firmware *
foscam fi9928p_firmware *
foscam fi9818w_firmware *
foscam fi9815p_firmware *
foscam fi9803ep_firmware *
foscam fi9804w_firmware *
foscam fi9826p_firmware *
foscam fi9803p_firmware *
foscam fi9805p_firmware *
foscam fi9805e_firmware *
CVE-2021-43517 HIGH

FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
foscam fi9805e_firmware 4.02.r12.00018510.10012.143900.00000
CVE-2022-28743 HIGH

Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Foscam R2C IP camera running System FW <= 1.13.1.6, and Application FW <= 2.91.2.66, allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions. With root access to the camera's Linux OS, an attacker could effectively change the code that is running, add backdoor access, or invade the privacy of the user by accessing the live camera stream.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9
cve@mitre.org 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-367,

Products Affected

Vendor Product Version
foscam r2c_system_firmware *
foscam r2c_application_firmware *