Details of VAR-201704-1458

ID

VAR-201704-1458

CVE

CVE-2017-7648

TITLE

Foscam Vulnerability that breaks cryptographic protection mechanisms in network devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-003124

DESCRIPTION

Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation

Trust: 1.71

sources: NVD: CVE-2017-7648 // JVNDB: JVNDB-2017-003124 // VULMON: CVE-2017-7648

AFFECTED PRODUCTS

vendor:	foscam	model:	c1 lite	scope:	-	version:	-	Trust: 1.4
vendor:	foscam	model:	c2	scope:	-	version:	-	Trust: 1.4
vendor:	foscam	model:	fi9800xe	scope:	-	version:	-	Trust: 1.4
vendor:	foscam	model:	fi9828p	scope:	-	version:	-	Trust: 1.4
vendor:	foscam	model:	fi9851p	scope:	-	version:	-	Trust: 1.4
vendor:	foscam	model:	fi9853ep	scope:	-	version:	-	Trust: 1.4
vendor:	foscam	model:	fi9901ep	scope:	-	version:	-	Trust: 1.4
vendor:	foscam	model:	fi9903p	scope:	-	version:	-	Trust: 1.4
vendor:	foscam	model:	fi9928p	scope:	-	version:	-	Trust: 1.4
vendor:	foscam	model:	r2	scope:	-	version:	-	Trust: 1.4
vendor:	foscam	model:	r2	scope:	eq	version:	*	Trust: 1.0
vendor:	foscam	model:	fi9826p	scope:	eq	version:	*	Trust: 1.0
vendor:	foscam	model:	c1 lite	scope:	eq	version:	*	Trust: 1.0
vendor:	foscam	model:	fi9903p	scope:	eq	version:	*	Trust: 1.0
vendor:	foscam	model:	fi9800xe	scope:	eq	version:	*	Trust: 1.0
vendor:	foscam	model:	fi9828p	scope:	eq	version:	*	Trust: 1.0
vendor:	foscam	model:	fi9901ep	scope:	eq	version:	*	Trust: 1.0
vendor:	foscam	model:	fi9851p	scope:	eq	version:	*	Trust: 1.0
vendor:	foscam	model:	c2	scope:	eq	version:	*	Trust: 1.0
vendor:	foscam	model:	c1	scope:	eq	version:	*	Trust: 1.0
vendor:	foscam	model:	fi9928p	scope:	eq	version:	*	Trust: 1.0
vendor:	foscam	model:	fi9853ep	scope:	eq	version:	*	Trust: 1.0
vendor:	foscam	model:	c1	scope:	-	version:	-	Trust: 0.8
vendor:	foscam	model:	fi9826p	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2017-003124 // CNNVD: CNNVD-201704-468 // NVD: CVE-2017-7648

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7648
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-7648
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201704-468
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2017-7648
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-7648
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2017-7648
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULMON: CVE-2017-7648 // JVNDB: JVNDB-2017-003124 // CNNVD: CNNVD-201704-468 // NVD: CVE-2017-7648

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.8

sources: JVNDB: JVNDB-2017-003124 // NVD: CVE-2017-7648

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-468

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201704-468

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003124

PATCH

title:	Top Page	url:	http://www.foscam.com/	Trust: 0.8
title:	CVE-2017-7648.	url:	https://github.com/notmot/CVE-2017-7648.	Trust: 0.1

sources: VULMON: CVE-2017-7648 // JVNDB: JVNDB-2017-003124

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7648	Trust: 2.5
db:	JVNDB	id:	JVNDB-2017-003124	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-468	Trust: 0.6
db:	VULMON	id:	CVE-2017-7648	Trust: 0.1

sources: VULMON: CVE-2017-7648 // JVNDB: JVNDB-2017-003124 // CNNVD: CNNVD-201704-468 // NVD: CVE-2017-7648

REFERENCES

url:	http://www.securityfocus.com/archive/1/540388/30/0/threaded	Trust: 2.5
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7648	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7648	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/798.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/notmot/cve-2017-7648.	Trust: 0.1

sources: VULMON: CVE-2017-7648 // JVNDB: JVNDB-2017-003124 // CNNVD: CNNVD-201704-468 // NVD: CVE-2017-7648

SOURCES

db:	VULMON	id:	CVE-2017-7648
db:	JVNDB	id:	JVNDB-2017-003124
db:	CNNVD	id:	CNNVD-201704-468
db:	NVD	id:	CVE-2017-7648

LAST UPDATE DATE

2025-04-20T23:22:23.021000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2017-7648	date:	2017-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-003124	date:	2017-05-16T00:00:00
db:	CNNVD	id:	CNNVD-201704-468	date:	2017-09-29T00:00:00
db:	NVD	id:	CVE-2017-7648	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2017-7648	date:	2017-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2017-003124	date:	2017-05-16T00:00:00
db:	CNNVD	id:	CNNVD-201704-468	date:	2017-04-10T00:00:00
db:	NVD	id:	CVE-2017-7648	date:	2017-04-10T19:59:00.297