Sign-up

ID

VAR-201706-0497


CVE

CVE-2017-2842


TITLE

Foscam C1 Indoor HD Camera Web Command injection vulnerability in management interface

Trust: 0.8

sources: JVNDB: JVNDB-2017-005086

DESCRIPTION

In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. The FoscamIndoorIPCameraC1Series is a C1 series wireless IP camera from Foscam, China. A security vulnerability exists in the web management interface in FoscamIndoorIPCameraC1Series using 2.52.2.37 application firmware. Foscam IP Video Camera is prone to multiple command-injection vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary commands in context of the affected device

Trust: 2.52

sources: NVD: CVE-2017-2842 // JVNDB: JVNDB-2017-005086 // CNVD: CNVD-2017-12601 // BID: 99184 // VULHUB: VHN-111045

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

category:['camera device']sub_category:smart home camera

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-12601

AFFECTED PRODUCTS

vendor:foscammodel:c1 indoor hd camerascope:eqversion:2.52.2.37

Trust: 2.4

vendor:foscammodel:ip video camerascope:eqversion:1.9.3.17

Trust: 0.9

vendor:foscammodel:ip video camerascope:neversion:2.0.2.43

Trust: 0.3

sources: CNVD: CNVD-2017-12601 // BID: 99184 // JVNDB: JVNDB-2017-005086 // CNNVD: CNNVD-201706-1124 // NVD: CVE-2017-2842

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2842
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2842
value: HIGH

Trust: 1.0

NVD: CVE-2017-2842
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-12601
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201706-1124
value: HIGH

Trust: 0.6

VULHUB: VHN-111045
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2842
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-12601
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111045
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

talos-cna@cisco.com: CVE-2017-2842
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2017-2842
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2017-12601 // VULHUB: VHN-111045 // JVNDB: JVNDB-2017-005086 // CNNVD: CNNVD-201706-1124 // NVD: CVE-2017-2842 // NVD: CVE-2017-2842

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-111045 // JVNDB: JVNDB-2017-005086 // NVD: CVE-2017-2842

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-1124

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201706-1124

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-005086

PATCH
title:Top Pageurl:https://www.foscam.com/
Trust: 0.8
title:Patch for the FoscamIndoorIPCameraC1Series command execution vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/97215
Trust: 0.6
title:Foscam Indoor IP Camera C1 Series Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71318
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-12601 // 
            
            
            
            JVNDB: JVNDB-2017-005086 // 
            
            
            
            CNNVD: CNNVD-201706-1124

EXTERNAL IDS
db:NVDid:CVE-2017-2842
Trust: 3.5
db:TALOSid:TALOS-2017-0344
Trust: 3.1
db:BIDid:99184
Trust: 2.6
db:JVNDBid:JVNDB-2017-005086
Trust: 0.8
db:CNNVDid:CNNVD-201706-1124
Trust: 0.7
db:CNVDid:CNVD-2017-12601
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:SEEBUGid:SSVID-96493
Trust: 0.1
db:VULHUBid:VHN-111045
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-12601 // 
            
            
            
            VULHUB: VHN-111045 // 
            
            
            
            BID: 99184 // 
            
            
            
            JVNDB: JVNDB-2017-005086 // 
            
            
            
            CNNVD: CNNVD-201706-1124 // 
            
            
            
            NVD: CVE-2017-2842

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0344
Trust: 3.1
url:http://www.securityfocus.com/bid/99184
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2842
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2842
Trust: 0.8
url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0344
Trust: 0.6
url:http://www.foscam.com/
Trust: 0.3
url:http://blog.talosintelligence.com/2017/06/foscam-vuln-details.html
Trust: 0.3
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-12601 // 
            
            
            
            VULHUB: VHN-111045 // 
            
            
            
            BID: 99184 // 
            
            
            
            JVNDB: JVNDB-2017-005086 // 
            
            
            
            CNNVD: CNNVD-201706-1124 // 
            
            
            
            NVD: CVE-2017-2842

CREDITS
Cory Duplantis, Claudio Bozzato and another member of Cisco Talos.
Trust: 0.3
sources:
            
            
            BID: 99184

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2017-12601
db:VULHUBid:VHN-111045
db:BIDid:99184
db:JVNDBid:JVNDB-2017-005086
db:CNNVDid:CNNVD-201706-1124
db:NVDid:CVE-2017-2842

LAST UPDATE DATE
2025-04-20T19:57:52.132000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-12601date:2017-07-04T00:00:00
db:VULHUBid:VHN-111045date:2019-10-03T00:00:00
db:BIDid:99184date:2017-06-19T00:00:00
db:JVNDBid:JVNDB-2017-005086date:2017-07-14T00:00:00
db:CNNVDid:CNNVD-201706-1124date:2022-04-20T00:00:00
db:NVDid:CVE-2017-2842date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-12601date:2017-07-04T00:00:00
db:VULHUBid:VHN-111045date:2017-06-27T00:00:00
db:BIDid:99184date:2017-06-19T00:00:00
db:JVNDBid:JVNDB-2017-005086date:2017-07-14T00:00:00
db:CNNVDid:CNNVD-201706-1124date:2017-06-28T00:00:00
db:NVDid:CVE-2017-2842date:2017-06-27T15:29:00.207