Sign-up

ID

VAR-201807-2160


CVE

CVE-2018-6831


TITLE

plural Foscam Command injection vulnerability in camera

Trust: 0.8

sources: JVNDB: JVNDB-2018-008030

DESCRIPTION

The setSystemTime function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote authenticated users to execute arbitrary commands via a ';' in the ntpServer argument. NOTE: this issue exists because of an incomplete fix for CVE-2017-2849. plural Foscam The camera contains a command injection vulnerability. This vulnerability CVE-2017-2849 Due to an incomplete fix.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Foscomm (FOSCAM) is a safe living brand under the Shenzhen Foscom Intelligent Technology Co., Ltd., covering network video surveillance products (webcam, hard disk recorder, monitoring kit), video cloud storage services. The Foscom Foscam camera has a command injection vulnerability that stems from an attacker gaining administrator credentials that can be exploited as the root user to perform privilege escalation. are network camera products of China Foscam (FOSCAM) company. A security vulnerability exists in the 'setSystemTime' function in several Foscam Cameras products. A remote attacker can use the ';' in the ntpServer parameter to exploit this vulnerability to execute arbitrary commands

Trust: 2.25

sources: NVD: CVE-2018-6831 // JVNDB: JVNDB-2018-008030 // CNVD: CNVD-2018-12143 // VULHUB: VHN-136863

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-12143

AFFECTED PRODUCTS

vendor:foscammodel:fi9828pscope:lteversion:2.11.1.133

Trust: 1.0

vendor:foscammodel:fi9851pscope:lteversion:2.54.2.47

Trust: 1.0

vendor:foscammodel:fi9803pscope:lteversion:2.24.2.31

Trust: 1.0

vendor:foscammodel:fi9853epscope:lteversion:2.22.2.31

Trust: 1.0

vendor:foscammodel:c1 litescope:lteversion:2.52.2.47

Trust: 1.0

vendor:foscammodel:fi9901epscope:lteversion:2.74.1.59

Trust: 1.0

vendor:foscammodel:c1scope:lteversion:2.52.2.47

Trust: 1.0

vendor:foscammodel:fi9803pscope:lteversion:2.54.2.47

Trust: 1.0

vendor:foscammodel:c2scope:lteversion:2.72.1.59

Trust: 1.0

vendor:foscammodel:fi9928pscope:lteversion:2.74.1.58

Trust: 1.0

vendor:foscammodel:fi9805pscope:lteversion:2.14.1.120

Trust: 1.0

vendor:foscammodel:fi9803epscope:lteversion:2.22.2.31

Trust: 1.0

vendor:foscammodel:fi9831pscope:lteversion:2.11.1.120

Trust: 1.0

vendor:foscammodel:fi9826pscope:lteversion:2.11.1.120

Trust: 1.0

vendor:foscammodel:fi9821pscope:lteversion:2.11.1.120

Trust: 1.0

vendor:foscammodel:fi9826pscope:lteversion:2.21.2.31

Trust: 1.0

vendor:foscammodel:r4scope:lteversion:2.71.1.59

Trust: 1.0

vendor:foscammodel:fi9831pscope:lteversion:2.21.2.31

Trust: 1.0

vendor:foscammodel:fi9821pscope:lteversion:2.21.2.31

Trust: 1.0

vendor:foscammodel:fi9800pscope:lteversion:2.81.2.33

Trust: 1.0

vendor:foscammodel:fi9831wscope:lteversion:2.11.1.120

Trust: 1.0

vendor:foscammodel:c1 litescope:lteversion:2.82.2.33

Trust: 1.0

vendor:foscammodel:c1scope:lteversion:2.82.2.33

Trust: 1.0

vendor:foscammodel:fi9900pscope:lteversion:2.74.1.59

Trust: 1.0

vendor:foscammodel:fi9828pscope:lteversion:2.13.1.120

Trust: 1.0

vendor:foscammodel:fi9804pscope:lteversion:2.14.1.120

Trust: 1.0

vendor:foscammodel:fi9821epscope:lteversion:2.21.2.31

Trust: 1.0

vendor:foscammodel:fi9800pscope:lteversion:2.54.2.47

Trust: 1.0

vendor:foscammodel:fi9961epscope:lteversion:2.72.1.59

Trust: 1.0

vendor:foscammodel:fi9900epscope:lteversion:2.74.1.59

Trust: 1.0

vendor:foscammodel:r2scope:lteversion:2.71.1.59

Trust: 1.0

vendor:foscammodel:fi9818wscope:lteversion:2.13.2.120

Trust: 1.0

vendor:foscammodel:fi9828wscope:lteversion:2.13.1.120

Trust: 1.0

vendor:foscammodel:fi9805escope:lteversion:2.14.1.120

Trust: 1.0

vendor:foscammodel:fi9821wscope:lteversion:2.11.1.120

Trust: 1.0

vendor:foscammodel:fi9826pscope:lteversion:2.81.2.33

Trust: 1.0

vendor:foscammodel:fi9831pscope:lteversion:2.81.2.33

Trust: 1.0

vendor:foscammodel:fi9821pscope:lteversion:2.81.2.33

Trust: 1.0

vendor:foscammodel:fi9815pscope:lteversion:2.51.2.47

Trust: 1.0

vendor:foscammodel:fi9821epscope:lteversion:2.81.2.33

Trust: 1.0

vendor:foscammodel:fi9851pscope:lteversion:2.24.2.31

Trust: 1.0

vendor:foscammodel:fi9826wscope:lteversion:2.11.1.120

Trust: 1.0

vendor:foscammodel:fi9805wscope:lteversion:2.14.1.120

Trust: 1.0

vendor:foscammodel:fi9816pscope:lteversion:2.51.2.47

Trust: 1.0

vendor:foscammodel:fi9804wscope:lteversion:2.14.1.120

Trust: 1.0

vendor:foscammodel:c1 litescope: - version: -

Trust: 0.8

vendor:foscammodel:c1scope: - version: -

Trust: 0.8

vendor:foscammodel:c2scope: - version: -

Trust: 0.8

vendor:foscammodel:fi9800pscope: - version: -

Trust: 0.8

vendor:foscammodel:fi9900pscope: - version: -

Trust: 0.8

vendor:foscammodel:r2scope: - version: -

Trust: 0.8

vendor:foscammodel:r4scope: - version: -

Trust: 0.8

vendor:foscammodel:foscamscope: - version: -

Trust: 0.6

vendor:foscammodel:fi9804wscope:eqversion:2.14.1.120

Trust: 0.6

vendor:foscammodel:fi9805wscope:eqversion:2.14.1.120

Trust: 0.6

vendor:foscammodel:fi9828pscope:eqversion:2.13.1.120

Trust: 0.6

vendor:foscammodel:fi9804pscope:eqversion:2.14.1.120

Trust: 0.6

vendor:foscammodel:fi9828wscope:eqversion:2.13.1.120

Trust: 0.6

vendor:foscammodel:fi9805pscope:eqversion:2.14.1.120

Trust: 0.6

vendor:foscammodel:fi9828pscope:eqversion:2.11.1.133

Trust: 0.6

vendor:foscammodel:fi9805escope:eqversion:2.14.1.120

Trust: 0.6

vendor:foscammodel:fi9826pscope:eqversion:2.11.1.120

Trust: 0.6

vendor:foscammodel:fi9818wscope:eqversion:2.13.2.120

Trust: 0.6

sources: CNVD: CNVD-2018-12143 // JVNDB: JVNDB-2018-008030 // CNNVD: CNNVD-201807-496 // NVD: CVE-2018-6831

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-6831
value: HIGH

Trust: 1.0

NVD: CVE-2018-6831
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-12143
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201807-496
value: HIGH

Trust: 0.6

VULHUB: VHN-136863
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-6831
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-12143
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-136863
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-6831
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-12143 // VULHUB: VHN-136863 // JVNDB: JVNDB-2018-008030 // CNNVD: CNNVD-201807-496 // NVD: CVE-2018-6831

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-136863 // JVNDB: JVNDB-2018-008030 // NVD: CVE-2018-6831

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-496

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201807-496

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008030

PATCH
title:Securing Your Foscam Camera - Important Noticeurl:https://www.foscam.com/company/securing-your-foscam-camera-important-notice.html
Trust: 0.8
title:Fuscom Foscam Camera Command Injection Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/132885
Trust: 0.6
title:Multiple Foscam Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84012
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-12143 // 
            
            
            
            JVNDB: JVNDB-2018-008030 // 
            
            
            
            CNNVD: CNNVD-201807-496

EXTERNAL IDS
db:NVDid:CVE-2018-6831
Trust: 3.1
db:JVNDBid:JVNDB-2018-008030
Trust: 0.8
db:CNNVDid:CNNVD-201807-496
Trust: 0.7
db:CNVDid:CNVD-2018-12143
Trust: 0.6
db:VULHUBid:VHN-136863
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-12143 // 
            
            
            
            VULHUB: VHN-136863 // 
            
            
            
            JVNDB: JVNDB-2018-008030 // 
            
            
            
            CNNVD: CNNVD-201807-496 // 
            
            
            
            NVD: CVE-2018-6831

REFERENCES
url:https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/
Trust: 3.1
url:https://www.foscam.com/company/securing-your-foscam-camera-important-notice.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6831
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-6831
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-12143 // 
            
            
            
            VULHUB: VHN-136863 // 
            
            
            
            JVNDB: JVNDB-2018-008030 // 
            
            
            
            CNNVD: CNNVD-201807-496 // 
            
            
            
            NVD: CVE-2018-6831

SOURCES
db:CNVDid:CNVD-2018-12143
db:VULHUBid:VHN-136863
db:JVNDBid:JVNDB-2018-008030
db:CNNVDid:CNNVD-201807-496
db:NVDid:CVE-2018-6831

LAST UPDATE DATE
2024-11-23T22:38:05.481000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-12143date:2018-06-27T00:00:00
db:VULHUBid:VHN-136863date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-008030date:2018-10-05T00:00:00
db:CNNVDid:CNNVD-201807-496date:2019-10-23T00:00:00
db:NVDid:CVE-2018-6831date:2024-11-21T04:11:15.770

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-12143date:2018-06-27T00:00:00
db:VULHUBid:VHN-136863date:2018-07-09T00:00:00
db:JVNDBid:JVNDB-2018-008030date:2018-10-05T00:00:00
db:CNNVDid:CNNVD-201807-496date:2018-07-09T00:00:00
db:NVDid:CVE-2018-6831date:2018-07-09T17:29:00.260