Details of VAR-201706-1118

ID

VAR-201706-1118

TITLE

Foscam camera adds user remote command execution vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-08911

DESCRIPTION

FOSCAM Group is a national high-tech enterprise specializing in the design, development, manufacture and sale of network cameras, network video recorders and other products. Foscamcamera adds a remote command execution vulnerability to the usrName parameter in the CGIProxy.fcgiaddAccount function at the user. Since the web page is run with root privileges, the command will also be executed with root privileges. However, the use of this vulnerability requires a valid certificate

Trust: 0.6

sources: CNVD: CNVD-2017-08911

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-08911

AFFECTED PRODUCTS

vendor:	foscam	model:	c2	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	sab	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ebode	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ivue	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	qcam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	technaxx	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	nexxt	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ambientcam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	novodio	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	turbox	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	netis	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	opticam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	7links	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	thomson	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	chacon	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	opticam i5	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-08911

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-08911
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2017-08911
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-08911

EXTERNAL IDS

db:

CNVD

id:

CNVD-2017-08911

Trust: 0.6

sources: CNVD: CNVD-2017-08911

REFERENCES

url:	https://business.f-secure.com/foscam_cameras_and_compromise	Trust: 0.6
url:	http://images.news.f-secure.com/web/fsecure/%7b43df9e0d-20a8-404a-86d0-70dcca00b6e5%7d_vulnerabilities-in-foscam-ip-cameras_report.pdf?_ga=2.103952768.1877007297.1496980664-1350286355.1496980664	Trust: 0.6

sources: CNVD: CNVD-2017-08911

SOURCES

db:

CNVD

id:

CNVD-2017-08911

LAST UPDATE DATE

2022-05-04T09:56:51.158000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-08911

date:

2017-06-20T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-08911

date:

2017-06-09T00:00:00