Details of VAR-201706-1143

ID

VAR-201706-1143

TITLE

Foscam camera FTP Server Account Empty Password Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-08903

DESCRIPTION

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. The Foscamcamera FTP server has an account blank password vulnerability. The password of the built-in FTP account of Foscam is empty by default, which can cause an attacker to upload and download files.

Trust: 0.6

sources: CNVD: CNVD-2017-08903

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-08903

AFFECTED PRODUCTS

vendor:	foscam wansview	model:	and wansview h.264 hi3510/11/12 ip cameras	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	c2	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	sab	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ebode	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ivue	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	qcam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	technaxx	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	nexxt	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	ambientcam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	novodio	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	turbox	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	netis	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	opticam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	7links	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	thomson	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	chacon	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	opticam i5	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-08903

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-08903
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2017-08903
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-08903

EXTERNAL IDS

db:

CNVD

id:

CNVD-2017-08903

Trust: 0.6

sources: CNVD: CNVD-2017-08903

REFERENCES

url:	https://business.f-secure.com/foscam_cameras_and_compromise	Trust: 0.6
url:	http://images.news.f-secure.com/web/fsecure/%7b43df9e0d-20a8-404a-86d0-70dcca00b6e5%7d_vulnerabilities-in-foscam-ip-cameras_report.pdf?_ga=2.103952768.1877007297.1496980664-1350286355.1496980664	Trust: 0.6

sources: CNVD: CNVD-2017-08903

SOURCES

db:

CNVD

id:

CNVD-2017-08903

LAST UPDATE DATE

2022-05-04T09:04:33.308000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-08903

date:

2017-06-09T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-08903

date:

2017-06-09T00:00:00