Details of VAR-201706-1113

ID

VAR-201706-1113

TITLE

Foscam camera RtspServer Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-08902

DESCRIPTION

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. A denial of service vulnerability exists in FoscamcameraRtspServer that could allow an attacker to disconnect or freeze a video source. The Foscam camera device RTSP service incorrectly handles negative numbers when processing the \"Content-Length\" in the request, causing the RTSP service memory to overflow or crash, or a single request entering an infinite loop. Since the RTSP service has a daemon, when the service crashes, a new service process is restarted, so the attacker is more likely to boot the process into an infinite loop. This denial of service attack will disconnect the video or freeze the video, and the only way for the user to resume video playback is to reboot the device. This vulnerability only exists on some devices or part of the firmware version.

Trust: 0.6

sources: CNVD: CNVD-2017-08902

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-08902

AFFECTED PRODUCTS

vendor:	foscam	model:	c2	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	sab	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ebode	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ivue	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	qcam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	technaxx	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	nexxt	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ambientcam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	novodio	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	turbox	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	netis	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	opticam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	7links	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	thomson	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	chacon	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	opticam i5	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-08902

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-08902
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2017-08902
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-08902

EXTERNAL IDS

db:

CNVD

id:

CNVD-2017-08902

Trust: 0.6

sources: CNVD: CNVD-2017-08902

REFERENCES

url:	https://business.f-secure.com/foscam_cameras_and_compromise	Trust: 0.6
url:	http://images.news.f-secure.com/web/fsecure/%7b43df9e0d-20a8-404a-86d0-70dcca00b6e5%7d_vulnerabilities-in-foscam-ip-cameras_report.pdf?_ga=2.103952768.1877007297.1496980664-1350286355.1496980664	Trust: 0.6

sources: CNVD: CNVD-2017-08902

SOURCES

db:

CNVD

id:

CNVD-2017-08902

LAST UPDATE DATE

2022-05-04T10:04:42.199000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-08902

date:

2017-06-09T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-08902

date:

2017-06-09T00:00:00