SB2017111306 - Multiple vulnerabilities in Foscam C1 Indoor HD Camera
Published: November 13, 2017 Updated: November 24, 2017
Description
This security bulletin contains information about 12 security vulnerabilities.
1) OS command injection (CVE-ID: CVE-2017-2872)
The vulnerability allows a remote authenticated attacker to execute arbitrary shell commands on the target system. The weakness exists due to insufficient security checks in the recovery procedure. A remote attacker can send a malicious HTTP request and use a specially crafted image to perform a firmware upgrade and execute shell commands with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
2) Information disclosure (CVE-ID: CVE-2017-2874)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to a flaw in the Multi-Camera interface. A remote attacker can send a specially crafted request on port 10001 and retrieve sensitive information without authentication.
3) Buffer overflow (CVE-ID: CVE-2017-2879)
The vulnerability allows an adjacent attacker to execute arbitrary code on the target system. The weakness exists due to buffer overflow in the UPnP implementation. An adjacent attacker can reply to a discovery message with a specially crafted UPnP discovery response, overwrite arbitrary data and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
4) Buffer overflow (CVE-ID: CVE-2017-2876)
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system. The weakness exists due to buffer overflow in the Multi-Camera interface. A remote attacker can supply a specially crafted request on port 10000, trigger memory corruption, overwrite arbitrary data and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
5) Buffer overflow (CVE-ID: CVE-2017-2856)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to buffer overflow in the DDNS client. A remote attacker who is able to intercept HTTP connections can create a rogue HTTP server, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
6) Buffer overflow (CVE-ID: CVE-2017-2878)
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system. The weakness exists due to buffer overflow in the web management interface. A remote attacker can send a specially crafted HTTP request, trigger memory corruption, overwrite arbitrary data and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
7) Buffer overflow (CVE-ID: CVE-2017-2854)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to buffer overflow in the DDNS client. A remote attacker who is able to intercept HTTP connections can create a rogue HTTP server, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
8) Buffer overflow (CVE-ID: CVE-2017-2857)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to buffer overflow in the DDNS client. A remote attacker who is able to intercept HTTP connections can create a rogue HTTP server, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
9) Buffer overflow (CVE-ID: CVE-2017-2855)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to buffer overflow in the DDNS client. A remote attacker who is able to intercept HTTP connections can create a rogue HTTP server, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
10) Security restrictions bypass (CVE-ID: CVE-2017-2877)
The vulnerability allows a remote attacker to bypass security restrictions on the target system. The weakness exists due to a missing error check in the Multi-Camera interface. A remote attacker can send a specially crafted request on port 10001 and reset the user accounts to factory defaults without authentication.
11) OS command injection (CVE-ID: CVE-2017-2873)
The vulnerability allows a remote authenticated attacker to execute arbitrary shell commands on the target system. The weakness exists due to insufficient security checks in the recovery procedure. A remote attacker can send a malicious HTTP request, inject arbitrary shell characters during the SoftAP configuration and execute shell commands with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
12) Buffer overflow (CVE-ID: CVE-2017-2875)
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system. The weakness exists due to buffer overflow in the Multi-Camera interface. A remote attacker can send a specially crafted HTTP request on port 10000, trigger memory corruption, overwrite arbitrary data and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install the update from the vendor's website.
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0381
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0386
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0383
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0359
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0385
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0357
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0360
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0358
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0384
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0380
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0382