Details of VAR-201706-1131

ID

VAR-201706-1131

TITLE

Foscam camera startup script permissions misalization vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-08912

DESCRIPTION

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. The Foscamcamera startup script has a vulnerability in the allocation of permissions. At system startup, the device automatically loads execute boot.sh, which is set to any user readable and writable executable. This allows anyone to access and modify its content for their own commands. This file is stored in memory, so any changes made to it will take effect when the system is restarted. Because each time the system starts, the commands in the file will be re-executed, so the attacker can make a persistent attack on the device.

Trust: 0.6

sources: CNVD: CNVD-2017-08912

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-08912

AFFECTED PRODUCTS

vendor:	foscam	model:	c2	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	sab	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ebode	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ivue	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	qcam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	technaxx	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	nexxt	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ambientcam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	novodio	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	turbox	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	netis	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	opticam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	7links	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	thomson	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	chacon	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	opticam i5	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-08912

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-08912
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2017-08912
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-08912

EXTERNAL IDS

db:

CNVD

id:

CNVD-2017-08912

Trust: 0.6

sources: CNVD: CNVD-2017-08912

REFERENCES

url:	https://business.f-secure.com/foscam_cameras_and_compromise	Trust: 0.6
url:	http://images.news.f-secure.com/web/fsecure/%7b43df9e0d-20a8-404a-86d0-70dcca00b6e5%7d_vulnerabilities-in-foscam-ip-cameras_report.pdf?_ga=2.103952768.1877007297.1496980664-1350286355.1496980664	Trust: 0.6

sources: CNVD: CNVD-2017-08912

SOURCES

db:

CNVD

id:

CNVD-2017-08912

LAST UPDATE DATE

2022-05-04T09:17:30.559000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-08912

date:

2017-06-09T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-08912

date:

2017-06-09T00:00:00