Details of VAR-201807-2145

ID

VAR-201807-2145

CVE

CVE-2018-6832

TITLE

plural Foscam Buffer error vulnerability in product firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-008211

DESCRIPTION

Stack-based buffer overflow in the getSWFlag function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to cause a denial of service (crash and reboot), via the callbackJson parameter. plural Foscam The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Foscomm (FOSCAM) is a safe living brand under the Shenzhen Foscom Intelligent Technology Co., Ltd., covering network video surveillance products (webcam, hard disk recorder, monitoring kit), video cloud storage services. The Foscom Foscam camera has a stack buffer overflow vulnerability that allows an attacker to exploit the vulnerability to crash the device's webService process. Foscam Cameras C1 Lite V3 etc. are network camera products of China Foscam (FOSCAM) company. A remote attacker could use the 'callbackJson' parameter to cause a denial of service (crash and restart)

Trust: 2.25

sources: NVD: CVE-2018-6832 // JVNDB: JVNDB-2018-008211 // CNVD: CNVD-2018-12142 // VULHUB: VHN-136864

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-12142

AFFECTED PRODUCTS

vendor:	foscam	model:	fi9828p	scope:	lte	version:	2.11.1.133	Trust: 1.0
vendor:	foscam	model:	fi9851p	scope:	lte	version:	2.54.2.47	Trust: 1.0
vendor:	foscam	model:	fi9803p	scope:	lte	version:	2.24.2.31	Trust: 1.0
vendor:	foscam	model:	fi9853ep	scope:	lte	version:	2.22.2.31	Trust: 1.0
vendor:	foscam	model:	c1 lite	scope:	lte	version:	2.52.2.47	Trust: 1.0
vendor:	foscam	model:	fi9901ep	scope:	lte	version:	2.74.1.59	Trust: 1.0
vendor:	foscam	model:	c1	scope:	lte	version:	2.52.2.47	Trust: 1.0
vendor:	foscam	model:	fi9803p	scope:	lte	version:	2.54.2.47	Trust: 1.0
vendor:	foscam	model:	c2	scope:	lte	version:	2.72.1.59	Trust: 1.0
vendor:	foscam	model:	fi9928p	scope:	lte	version:	2.74.1.58	Trust: 1.0
vendor:	foscam	model:	fi9805p	scope:	lte	version:	2.14.1.120	Trust: 1.0
vendor:	foscam	model:	fi9803ep	scope:	lte	version:	2.22.2.31	Trust: 1.0
vendor:	foscam	model:	fi9831p	scope:	lte	version:	2.11.1.120	Trust: 1.0
vendor:	foscam	model:	fi9826p	scope:	lte	version:	2.11.1.120	Trust: 1.0
vendor:	foscam	model:	fi9821p	scope:	lte	version:	2.11.1.120	Trust: 1.0
vendor:	foscam	model:	fi9826p	scope:	lte	version:	2.21.2.31	Trust: 1.0
vendor:	foscam	model:	r4	scope:	lte	version:	2.71.1.59	Trust: 1.0
vendor:	foscam	model:	fi9831p	scope:	lte	version:	2.21.2.31	Trust: 1.0
vendor:	foscam	model:	fi9821p	scope:	lte	version:	2.21.2.31	Trust: 1.0
vendor:	foscam	model:	fi9800p	scope:	lte	version:	2.81.2.33	Trust: 1.0
vendor:	foscam	model:	fi9831w	scope:	lte	version:	2.11.1.120	Trust: 1.0
vendor:	foscam	model:	c1 lite	scope:	lte	version:	2.82.2.33	Trust: 1.0
vendor:	foscam	model:	c1	scope:	lte	version:	2.82.2.33	Trust: 1.0
vendor:	foscam	model:	fi9900p	scope:	lte	version:	2.74.1.59	Trust: 1.0
vendor:	foscam	model:	fi9828p	scope:	lte	version:	2.13.1.120	Trust: 1.0
vendor:	foscam	model:	fi9804p	scope:	lte	version:	2.14.1.120	Trust: 1.0
vendor:	foscam	model:	fi9821ep	scope:	lte	version:	2.21.2.31	Trust: 1.0
vendor:	foscam	model:	fi9800p	scope:	lte	version:	2.54.2.47	Trust: 1.0
vendor:	foscam	model:	fi9961ep	scope:	lte	version:	2.72.1.59	Trust: 1.0
vendor:	foscam	model:	fi9900ep	scope:	lte	version:	2.74.1.59	Trust: 1.0
vendor:	foscam	model:	r2	scope:	lte	version:	2.71.1.59	Trust: 1.0
vendor:	foscam	model:	fi9818w	scope:	lte	version:	2.13.2.120	Trust: 1.0
vendor:	foscam	model:	fi9828w	scope:	lte	version:	2.13.1.120	Trust: 1.0
vendor:	foscam	model:	fi9805e	scope:	lte	version:	2.14.1.120	Trust: 1.0
vendor:	foscam	model:	fi9821w	scope:	lte	version:	2.11.1.120	Trust: 1.0
vendor:	foscam	model:	fi9826p	scope:	lte	version:	2.81.2.33	Trust: 1.0
vendor:	foscam	model:	fi9831p	scope:	lte	version:	2.81.2.33	Trust: 1.0
vendor:	foscam	model:	fi9821p	scope:	lte	version:	2.81.2.33	Trust: 1.0
vendor:	foscam	model:	fi9815p	scope:	lte	version:	2.51.2.47	Trust: 1.0
vendor:	foscam	model:	fi9821ep	scope:	lte	version:	2.81.2.33	Trust: 1.0
vendor:	foscam	model:	fi9851p	scope:	lte	version:	2.24.2.31	Trust: 1.0
vendor:	foscam	model:	fi9826w	scope:	lte	version:	2.11.1.120	Trust: 1.0
vendor:	foscam	model:	fi9805w	scope:	lte	version:	2.14.1.120	Trust: 1.0
vendor:	foscam	model:	fi9816p	scope:	lte	version:	2.51.2.47	Trust: 1.0
vendor:	foscam	model:	fi9804w	scope:	lte	version:	2.14.1.120	Trust: 1.0
vendor:	foscam	model:	c1 lite	scope:	-	version:	-	Trust: 0.8
vendor:	foscam	model:	c1	scope:	-	version:	-	Trust: 0.8
vendor:	foscam	model:	c2	scope:	-	version:	-	Trust: 0.8
vendor:	foscam	model:	fi9800p	scope:	-	version:	-	Trust: 0.8
vendor:	foscam	model:	fi9900p	scope:	-	version:	-	Trust: 0.8
vendor:	foscam	model:	r2	scope:	-	version:	-	Trust: 0.8
vendor:	foscam	model:	r4	scope:	-	version:	-	Trust: 0.8
vendor:	foscam	model:	foscam	scope:	-	version:	-	Trust: 0.6
vendor:	foscam	model:	fi9800p	scope:	eq	version:	2.54.2.47	Trust: 0.6
vendor:	foscam	model:	fi9821p	scope:	eq	version:	2.81.2.33	Trust: 0.6
vendor:	foscam	model:	c1 lite	scope:	eq	version:	2.82.2.33	Trust: 0.6
vendor:	foscam	model:	c1	scope:	eq	version:	2.52.2.47	Trust: 0.6
vendor:	foscam	model:	fi9831p	scope:	eq	version:	2.81.2.33	Trust: 0.6
vendor:	foscam	model:	fi9821ep	scope:	eq	version:	2.81.2.33	Trust: 0.6
vendor:	foscam	model:	fi9826p	scope:	eq	version:	2.81.2.33	Trust: 0.6
vendor:	foscam	model:	fi9800p	scope:	eq	version:	2.81.2.33	Trust: 0.6
vendor:	foscam	model:	c1 lite	scope:	eq	version:	2.52.2.47	Trust: 0.6
vendor:	foscam	model:	c1	scope:	eq	version:	2.82.2.33	Trust: 0.6

sources: CNVD: CNVD-2018-12142 // JVNDB: JVNDB-2018-008211 // CNNVD: CNNVD-201807-495 // NVD: CVE-2018-6832

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-6832
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-6832
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-12142
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201807-495
value:	HIGH
Trust: 0.6
VULHUB:	VHN-136864
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-6832
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-12142
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-136864
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-6832
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-12142 // VULHUB: VHN-136864 // JVNDB: JVNDB-2018-008211 // CNNVD: CNNVD-201807-495 // NVD: CVE-2018-6832

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-136864 // JVNDB: JVNDB-2018-008211 // NVD: CVE-2018-6832

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-495

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201807-495

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008211

PATCH

title:	Securing Your Foscam Camera - Important Notice	url:	https://www.foscam.com/company/securing-your-foscam-camera-important-notice.html	Trust: 0.8
title:	Forskcom Foscam Camera Stack Buffer Overflow Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/132883	Trust: 0.6
title:	Multiple Foscam Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84013	Trust: 0.6

sources: CNVD: CNVD-2018-12142 // JVNDB: JVNDB-2018-008211 // CNNVD: CNNVD-201807-495

EXTERNAL IDS

db:	NVD	id:	CVE-2018-6832	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-008211	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-495	Trust: 0.7
db:	CNVD	id:	CNVD-2018-12142	Trust: 0.6
db:	VULHUB	id:	VHN-136864	Trust: 0.1

sources: CNVD: CNVD-2018-12142 // VULHUB: VHN-136864 // JVNDB: JVNDB-2018-008211 // CNNVD: CNNVD-201807-495 // NVD: CVE-2018-6832

REFERENCES

url:	https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/	Trust: 2.3
url:	https://www.foscam.com/company/securing-your-foscam-camera-important-notice.html	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6832	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-6832	Trust: 0.8

sources: CNVD: CNVD-2018-12142 // VULHUB: VHN-136864 // JVNDB: JVNDB-2018-008211 // CNNVD: CNNVD-201807-495 // NVD: CVE-2018-6832

SOURCES

db:	CNVD	id:	CNVD-2018-12142
db:	VULHUB	id:	VHN-136864
db:	JVNDB	id:	JVNDB-2018-008211
db:	CNNVD	id:	CNNVD-201807-495
db:	NVD	id:	CVE-2018-6832

LAST UPDATE DATE

2024-11-23T22:45:15.784000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-12142	date:	2018-06-27T00:00:00
db:	VULHUB	id:	VHN-136864	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-008211	date:	2018-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201807-495	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2018-6832	date:	2024-11-21T04:11:15.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-12142	date:	2018-06-27T00:00:00
db:	VULHUB	id:	VHN-136864	date:	2018-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-008211	date:	2018-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201807-495	date:	2018-07-09T00:00:00
db:	NVD	id:	CVE-2018-6832	date:	2018-07-09T17:29:00.323