Details of VAR-201706-1123

ID

VAR-201706-1123

TITLE

Foscam camera firewall configuration error vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-08906

DESCRIPTION

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. There is a configuration error in the Foscamcamera firewall. The Foscam camera device has a firewall function, but the firewall only restricts access to the web user interface (ports 80 and 443), and the IP address denied by the firewall can still access other services, such as ONVIF. (888 ports), FTP (50021 ports), RTSP (65534 ports), and telnet (23 ports). In the case that the request is rejected by the firewall, the firewall will return different results for the validity of the credential, the invalid credential will return an error-2 error, and the valid credential will return an error-8 error, so even if there is a firewall, the user can The voucher is violently enumerated.

Trust: 0.6

sources: CNVD: CNVD-2017-08906

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-08906

AFFECTED PRODUCTS

vendor:	foscam	model:	c2	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	sab	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ebode	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ivue	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	qcam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	technaxx	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	nexxt	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ambientcam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	novodio	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	turbox	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	netis	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	opticam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	7links	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	thomson	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	chacon	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	opticam i5	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-08906

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-08906
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2017-08906
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-08906

EXTERNAL IDS

db:

CNVD

id:

CNVD-2017-08906

Trust: 0.6

sources: CNVD: CNVD-2017-08906

REFERENCES

url:	https://business.f-secure.com/foscam_cameras_and_compromise	Trust: 0.6
url:	http://images.news.f-secure.com/web/fsecure/%7b43df9e0d-20a8-404a-86d0-70dcca00b6e5%7d_vulnerabilities-in-foscam-ip-cameras_report.pdf?_ga=2.103952768.1877007297.1496980664-1350286355.1496980664	Trust: 0.6

sources: CNVD: CNVD-2017-08906

SOURCES

db:

CNVD

id:

CNVD-2017-08906

LAST UPDATE DATE

2022-05-04T10:08:40.774000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-08906

date:

2017-06-09T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-08906

date:

2017-06-09T00:00:00