Details of VAR-201706-1121

ID

VAR-201706-1121

TITLE

Foscam camera web user interface hides hard-coded credentials vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2017-08909

DESCRIPTION

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. The FoscamcameraWeb user interface hides hard-coded credentials vulnerabilities. All Foscams have hidden and hard-coded credentials that are unaffected by user configuration. These credentials can access the web user interface of some devices. The actions that can be performed depend on the model of the device, such as Opticami5, which allows visitors to control the telnetd service and reset the device to factory settings.

Trust: 0.6

sources: CNVD: CNVD-2017-08909

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-08909

AFFECTED PRODUCTS

vendor:	foscam	model:	c2	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	sab	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ebode	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ivue	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	qcam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	technaxx	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	nexxt	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ambientcam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	novodio	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	turbox	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	netis	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	opticam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	7links	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	thomson	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	chacon	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	opticam i5	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-08909

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-08909
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2017-08909
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-08909

EXTERNAL IDS

db:

CNVD

id:

CNVD-2017-08909

Trust: 0.6

sources: CNVD: CNVD-2017-08909

REFERENCES

url:	https://business.f-secure.com/foscam_cameras_and_compromise	Trust: 0.6
url:	http://images.news.f-secure.com/web/fsecure/%7b43df9e0d-20a8-404a-86d0-70dcca00b6e5%7d_vulnerabilities-in-foscam-ip-cameras_report.pdf?_ga=2.103952768.1877007297.1496980664-1350286355.1496980664	Trust: 0.6

sources: CNVD: CNVD-2017-08909

SOURCES

db:

CNVD

id:

CNVD-2017-08909

LAST UPDATE DATE

2022-05-04T09:34:11.790000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-08909

date:

2017-06-09T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-08909

date:

2017-06-09T00:00:00