Details of VAR-201706-1126

ID

VAR-201706-1126

TITLE

Foscam camera Web Account Default Credential Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-08901

DESCRIPTION

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. There is a default credential vulnerability in the FoscamcameraWeb account. The Foscam camera device can access the web user interface using the default credentials with the username admin and password blank. In addition to gaining access to the device, attackers can upload and download files via the built-in FTP server and watch live video from the camera via the RTSP protocol.

Trust: 0.6

sources: CNVD: CNVD-2017-08901

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-08901

AFFECTED PRODUCTS

vendor:	foscam	model:	c2	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	sab	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ebode	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ivue	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	qcam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	technaxx	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	nexxt	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ambientcam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	novodio	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	turbox	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	netis	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	opticam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	7links	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	thomson	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	chacon	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	opticam i5	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-08901

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-08901
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2017-08901
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-08901

EXTERNAL IDS

db:

CNVD

id:

CNVD-2017-08901

Trust: 0.6

sources: CNVD: CNVD-2017-08901

REFERENCES

url:	https://business.f-secure.com/foscam_cameras_and_compromise	Trust: 0.6
url:	http://images.news.f-secure.com/web/fsecure/%7b43df9e0d-20a8-404a-86d0-70dcca00b6e5%7d_vulnerabilities-in-foscam-ip-cameras_report.pdf?_ga=2.103952768.1877007297.1496980664-1350286355.1496980664	Trust: 0.6

sources: CNVD: CNVD-2017-08901

SOURCES

db:

CNVD

id:

CNVD-2017-08901

LAST UPDATE DATE

2022-05-04T09:11:25.233000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-08901

date:

2017-06-20T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-08901

date:

2017-06-09T00:00:00