Details of VAR-201706-0439

ID

VAR-201706-0439

CVE

CVE-2016-8731

TITLE

Foscam C1 Indoor HD Vulnerabilities related to the use of hard-coded credentials in cameras

Trust: 0.8

sources: JVNDB: JVNDB-2016-008694

DESCRIPTION

Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device. Foscam C1 Indoor HD The camera contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamC1 is a wireless IP camera product from China Foscom (FOSCAM). There is a security vulnerability in FoscamC1 using firmware version 1.9.1.12. Foscam C1 Webcam is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to gain unauthorized access or obtain sensitive information; this may lead to further attacks. ### Tested Versions Foscam C1 Firmware Version 1.9.1.12 ### Product URLs Foscam ### CVSSv3 Score 9.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ### CWE CWE-259: Use of Hard-coded Password ### Details The file found at '/mtd/app/bin/ftpd/pureftpd.passwd' contains the following hash: ``` r:$1$whR6Mhk0$FR1VT/mX5D/qwRsgCkHLO.:1001:1001::/mnt/sd/./:::::::::::: ``` This hash resolves to a simple user/pass combo of 'r:r'. The user/pass of r:r permits anyone to log into a Foscam camera and have full read/write to the mounted Micro-SD card, which contains .avi videos and .jpg snapshots. If the camera has a microphone, the .avi videos will have audio recording as well. An attacker armed with this knowledge can connect remotely to the..

Trust: 2.52

sources: NVD: CVE-2016-8731 // JVNDB: JVNDB-2016-008694 // CNVD: CNVD-2017-16320 // BID: 99193 // VULHUB: VHN-97551

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-16320

AFFECTED PRODUCTS

vendor:	foscam	model:	c1 webcam	scope:	eq	version:	1.9.1.12	Trust: 2.5
vendor:	foscam	model:	c1 indoor hd camera	scope:	eq	version:	1.9.1.12	Trust: 0.8

sources: CNVD: CNVD-2017-16320 // BID: 99193 // JVNDB: JVNDB-2016-008694 // CNNVD: CNNVD-201706-936 // NVD: CVE-2016-8731

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8731
value:	CRITICAL
Trust: 1.0
talos-cna@cisco.com:	CVE-2016-8731
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-8731
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-16320
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201706-936
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-97551
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-8731
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-16320
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-97551
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

talos-cna@cisco.com:	CVE-2016-8731
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2016-8731
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2017-16320 // VULHUB: VHN-97551 // JVNDB: JVNDB-2016-008694 // CNNVD: CNNVD-201706-936 // NVD: CVE-2016-8731 // NVD: CVE-2016-8731

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-97551 // JVNDB: JVNDB-2016-008694 // NVD: CVE-2016-8731

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-936

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201706-936

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008694

PATCH

title:	Top Page	url:	https://www.foscam.com/	Trust: 0.8
title:	FoscamC1 hardcoded credential authentication bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/98691	Trust: 0.6
title:	Foscam C1 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71159	Trust: 0.6

sources: CNVD: CNVD-2017-16320 // JVNDB: JVNDB-2016-008694 // CNNVD: CNNVD-201706-936

EXTERNAL IDS

db:	TALOS	id:	TALOS-2016-0245	Trust: 3.4
db:	NVD	id:	CVE-2016-8731	Trust: 3.4
db:	BID	id:	99193	Trust: 2.6
db:	JVNDB	id:	JVNDB-2016-008694	Trust: 0.8
db:	CNVD	id:	CNVD-2017-16320	Trust: 0.6
db:	CNNVD	id:	CNNVD-201706-936	Trust: 0.6
db:	SEEBUG	id:	SSVID-96488	Trust: 0.1
db:	VULHUB	id:	VHN-97551	Trust: 0.1

sources: CNVD: CNVD-2017-16320 // VULHUB: VHN-97551 // BID: 99193 // JVNDB: JVNDB-2016-008694 // CNNVD: CNNVD-201706-936 // NVD: CVE-2016-8731

REFERENCES

url:	https://www.talosintelligence.com/vulnerability_reports/talos-2016-0245	Trust: 2.5
url:	http://www.securityfocus.com/bid/99193	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8731	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8731	Trust: 0.8
url:	https://talosintelligence.com/vulnerability_reports/talos-2016-0245	Trust: 0.6
url:	http://www.foscam.com/	Trust: 0.3
url:	https://www.talosintelligence.com/reports/talos-2016-0245/	Trust: 0.3
url:	http://blog.talosintelligence.com/2017/06/foscam-vuln-details.html	Trust: 0.3

sources: CNVD: CNVD-2017-16320 // VULHUB: VHN-97551 // BID: 99193 // JVNDB: JVNDB-2016-008694 // CNNVD: CNNVD-201706-936 // NVD: CVE-2016-8731

CREDITS

Richard Harman and Dave McDaniel of Cisco Talos

Trust: 0.3

sources: BID: 99193

SOURCES

db:	CNVD	id:	CNVD-2017-16320
db:	VULHUB	id:	VHN-97551
db:	BID	id:	99193
db:	JVNDB	id:	JVNDB-2016-008694
db:	CNNVD	id:	CNNVD-201706-936
db:	NVD	id:	CVE-2016-8731

LAST UPDATE DATE

2025-04-20T23:04:56.409000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-16320	date:	2017-07-24T00:00:00
db:	VULHUB	id:	VHN-97551	date:	2022-12-14T00:00:00
db:	BID	id:	99193	date:	2017-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2016-008694	date:	2017-07-20T00:00:00
db:	CNNVD	id:	CNNVD-201706-936	date:	2022-04-20T00:00:00
db:	NVD	id:	CVE-2016-8731	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-16320	date:	2017-07-24T00:00:00
db:	VULHUB	id:	VHN-97551	date:	2017-06-21T00:00:00
db:	BID	id:	99193	date:	2017-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2016-008694	date:	2017-07-20T00:00:00
db:	CNNVD	id:	CNNVD-201706-936	date:	2017-06-22T00:00:00
db:	NVD	id:	CVE-2016-8731	date:	2017-06-21T19:29:00.197