MidnightBSD

Advisories for opticam

CVE-2018-19063 HIGH

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19064 HIGH

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-521,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19065 MEDIUM

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded BpP+2R9*Q password in some cases.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19066 MEDIUM

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded Pxift* password in some cases.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19067 HIGH

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded Ak47@99 password for the factory~ account.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19068 MEDIUM

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19069 HIGH

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of toor.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19070 HIGH

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19071 MEDIUM

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19072 LOW

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/app has 0777 permissions, allowing local users to replace an archive file (within that directory) to control what is extracted to RAM at boot time.

CVSS 2.0

Severity: LOW

Problem Type: CWE-732,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19073 HIGH

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19074 MEDIUM

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall has no effect except for blocking port 443 and partially blocking port 88.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19075 MEDIUM

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall feature makes it easier for remote attackers to ascertain credentials and firewall rules because invalid credentials lead to error -2, whereas rule-based blocking leads to error -8.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19076 MEDIUM

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19077 HIGH

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. RtspServer allows remote attackers to cause a denial of service (daemon hang or restart) via a negative integer in the RTSP Content-Length header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19078 MEDIUM

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19079 HIGH

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-862,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19080 MEDIUM

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19081 HIGH

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11
CVE-2018-19082 HIGH

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to conduct stack-based buffer overflow attacks via the IPv4Address field.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
foscam c2_system_firmware 1.11.1.8
opticam i5_application_firmware 2.21.1.128
foscam c2_application_firmware 2.72.1.32
opticam i5_system_firmware 1.5.2.11