ID

VAR-201804-0579


CVE

CVE-2017-2833


TITLE

Foscam C1 Indoor HD Camera OS command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-013356

DESCRIPTION

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow a user to inject arbitrary shell characters, resulting in command injection during the boot process. To trigger this vulnerability, an attacker needs to send an HTTP request and reboot the device. The Foscam C1 Indoor HD Camera is a wireless HD IP camera from the Chinese vendor Foscam. Foscam IP Video Camera is prone to multiple command-injection vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary commands in the context of the affected device.

Trust: 2.52

sources: NVD: CVE-2017-2833 // JVNDB: JVNDB-2017-013356 // CNVD: CNVD-2018-10136 // BID: 99184 // VULHUB: VHN-111036

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

category: ['camera device'], sub_category: smart home camera

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-10136

AFFECTED PRODUCTS

vendor: foscam, model: c1, scope: eq, version: 2.52.2.37

Trust: 1.6

vendor: foscam, model: c1 indoor hd camera, scope: eq, version: 2.52.2.37

Trust: 0.8

vendor: foscam, model: c1 indoor hd camera, scope: eq, version: 0

Trust: 0.6

vendor: foscam, model: ip video camera, scope: eq, version: 1.9.3.17

Trust: 0.3

vendor: foscam, model: ip video camera, scope: ne, version: 2.0.2.43

Trust: 0.3

sources: CNVD: CNVD-2018-10136 // BID: 99184 // JVNDB: JVNDB-2017-013356 // CNNVD: CNNVD-201804-1370 // NVD: CVE-2017-2833

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2833
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2833
value: HIGH

Trust: 1.0

NVD: CVE-2017-2833
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-10136
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201804-1370
value: HIGH

Trust: 0.6

VULHUB: VHN-111036
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2833
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-10136
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111036
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2833
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2833
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2017-2833
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-10136 // VULHUB: VHN-111036 // JVNDB: JVNDB-2017-013356 // CNNVD: CNNVD-201804-1370 // NVD: CVE-2017-2833 // NVD: CVE-2017-2833

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

problemtype: CWE-78

Trust: 0.9

sources: VULHUB: VHN-111036 // JVNDB: JVNDB-2017-013356 // NVD: CVE-2017-2833

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1370

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201804-1370

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013356

PATCH

title: Top Page, url: https://www.foscam.com/downloads/index.html

Trust: 0.8

title: Patch for FoscamC1IndoorHDCamera Command Injection Vulnerability (CNVD-2018-10136), url: https://www.cnvd.org.cn/patchInfo/show/130023

Trust: 0.6

title: Foscam C1 Indoor HD Camera Fixes for command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79655

Trust: 0.6

sources: CNVD: CNVD-2018-10136 // JVNDB: JVNDB-2017-013356 // CNNVD: CNNVD-201804-1370

EXTERNAL IDS

db: NVD, id: CVE-2017-2833

Trust: 3.5

db: TALOS, id: TALOS-2017-0334

Trust: 2.5

db: BID, id: 99184

Trust: 2.0

db: JVNDB, id: JVNDB-2017-013356

Trust: 0.8

db: CNNVD, id: CNNVD-201804-1370

Trust: 0.7

db: CNVD, id: CNVD-2018-10136

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: SEEBUG, id: SSVID-96498

Trust: 0.1

db: VULHUB, id: VHN-111036

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-10136 // VULHUB: VHN-111036 // BID: 99184 // JVNDB: JVNDB-2017-013356 // CNNVD: CNNVD-201804-1370 // NVD: CVE-2017-2833

REFERENCES

url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0334

Trust: 1.9

url:http://www.securityfocus.com/bid/99184

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-2833

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2833

Trust: 0.8

url:https://talosintelligence.com/vulnerability_reports/talos-2017-0334

Trust: 0.6

url:http://www.foscam.com/

Trust: 0.3

url:http://blog.talosintelligence.com/2017/06/foscam-vuln-details.html

Trust: 0.3

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-10136 // VULHUB: VHN-111036 // BID: 99184 // JVNDB: JVNDB-2017-013356 // CNNVD: CNNVD-201804-1370 // NVD: CVE-2017-2833

CREDITS

Cory Duplantis, Claudio Bozzato and another member of Cisco Talos.

Trust: 0.3

sources: BID: 99184

SOURCES

db: OTHER, id: -
db: CNVD, id: CNVD-2018-10136
db: VULHUB, id: VHN-111036
db: BID, id: 99184
db: JVNDB, id: JVNDB-2017-013356
db: CNNVD, id: CNNVD-201804-1370
db: NVD, id: CVE-2017-2833

LAST UPDATE DATE

2025-01-30T21:29:20.975000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-10136, date: 2018-05-23T00:00:00
db: VULHUB, id: VHN-111036, date: 2018-06-05T00:00:00
db: BID, id: 99184, date: 2017-06-19T00:00:00
db: JVNDB, id: JVNDB-2017-013356, date: 2018-06-22T00:00:00
db: CNNVD, id: CNNVD-201804-1370, date: 2022-06-08T00:00:00
db: NVD, id: CVE-2017-2833, date: 2024-11-21T03:24:14.467

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-10136, date: 2018-05-23T00:00:00
db: VULHUB, id: VHN-111036, date: 2018-04-24T00:00:00
db: BID, id: 99184, date: 2017-06-19T00:00:00
db: JVNDB, id: JVNDB-2017-013356, date: 2018-06-22T00:00:00
db: CNNVD, id: CNNVD-201804-1370, date: 2018-04-25T00:00:00
db: NVD, id: CVE-2017-2833, date: 2018-04-24T19:29:02.377