Multiple vulnerabilities in Foscam C1 Indoor HD Camera
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2017-2872 CVE-2017-2874 CVE-2017-2879 CVE-2017-2876 CVE-2017-2856 CVE-2017-2878 CVE-2017-2854 CVE-2017-2857 CVE-2017-2855 CVE-2017-2877 CVE-2017-2873 CVE-2017-2875 |
| CWE-ID | CWE-78 CWE-200 CWE-120 CWE-392 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #9 is available. Public exploit code for vulnerability #10 is available. Public exploit code for vulnerability #11 is available. Public exploit code for vulnerability #12 is available. |
| Vulnerable software Subscribe |
IP Video Camera Firmware Hardware solutions / Firmware |
| Vendor | Foscam |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) OS command injection
EUVDB-ID: #VU9410
Risk: High
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2872
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary shell commands on the target system.
The weakness exists due to insufficient security checks in the recovery procedure. A remote attacker can send a malicious HTTP request and use a specially crafted image to perform a firmware upgrade and execute shell commands with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
IP Video Camera Firmware: 2.52 (.2.43)
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Information disclosure
EUVDB-ID: #VU9411
Risk: Low
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2874
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to a flaw in the Multi-Camera interface. A remote attacker can send specially crafted request on port 10001 and retrieve sensitive information without authentication.
Install update from vendor's website.
IP Video Camera Firmware: 2.52 (.2.43)
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0381
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Buffer overflow
EUVDB-ID: #VU9412
Risk: Low
CVSSv3.1: 7.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2879
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow in the UPnP implementation. An adjacent attacker can supply a specially crafted UPnP discovery response and reply to a discovery message, overwrite arbitrary data and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
IP Video Camera Firmware: 2.52 (.2.43)
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0386
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Buffer overflow
EUVDB-ID: #VU9413
Risk: High
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2876
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow in the Multi-Camera interface. A remote attacker can supply a specially crafted request on port 10000, trigger memory corruption, overwrite arbitrary data and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
IP Video Camera Firmware: 2.52 (.2.43)
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0383
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Buffer overflow
EUVDB-ID: #VU9414
Risk: High
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2856
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow in the DDNS client. A remote attacker who is able to intercept HTTP connections can create a rogue HTTP server, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
IP Video Camera Firmware: 2.52 (.2.43)
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0359
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Buffer overflow
EUVDB-ID: #VU9415
Risk: High
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2878
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow in the web management interface. A remote attacker can send a specially crafted HTTP request, trigger memory corruption, overwrite arbitrary data and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
IP Video Camera Firmware: 2.52 (.2.43)
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0385
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Buffer overflow
EUVDB-ID: #VU9416
Risk: High
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2854
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow in the DDNS client. A remote attacker who is able to intercept HTTP connections can create a rogue HTTP server, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
IP Video Camera Firmware: 2.52 (.2.43)
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0357
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Buffer overflow
EUVDB-ID: #VU9417
Risk: High
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2857
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow in the DDNS client. A remote attacker who is able to intercept HTTP connections can create a rogue HTTP server, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
IP Video Camera Firmware: 2.52 (.2.43)
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0360
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Buffer overflow
EUVDB-ID: #VU9418
Risk: High
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2855
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow in the DDNS client. A remote attacker who is able to intercept HTTP connections can create a rogue HTTP server, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
IP Video Camera Firmware: 2.52 (.2.43)
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0358
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
10) Security restrictions bypass
EUVDB-ID: #VU9419
Risk: Low
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2877
CWE-ID:
CWE-392 - Missing Report of Error Condition
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a missing error check in the Multi-Camera interface. A remote attacker can send specially crafted request on port 10001 and reset the user accounts to factory defaults without authentication.
Install update from vendor's website.
IP Video Camera Firmware: 2.52 (.2.43)
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0384
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
11) OS command injection
EUVDB-ID: #VU9420
Risk: High
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2873
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary shell commands on the target system.
The weakness exists due to insufficient security checks in the recovery procedure. A remote attacker can send a malicious HTTP request, inject arbitrary shell characters during the SoftAP configuration and execute shell commands with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
IP Video Camera Firmware: 2.52 (.2.43)
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0380
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
12) Buffer overflow
EUVDB-ID: #VU9421
Risk: High
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2875
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow in the Multi-Camera interface. A remote attacker can send a specially crafted HTTP request on port 10000, trigger memory corruption, overwrite arbitrary data and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
IP Video Camera Firmware: 2.52 (.2.43)
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0382
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
