Sign-up

ID

VAR-201809-0071


CVE

CVE-2017-2872


TITLE

Foscam C1 Indoor HD Camera Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-014281

DESCRIPTION

Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges. Foscam C1 Indoor HD Camera Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam. A remote code execution vulnerability exists in recoveryprocedure in FoscamC1IndoorHDCamera that caused the program to fail to perform adequate security monitoring

Trust: 2.25

sources: NVD: CVE-2017-2872 // JVNDB: JVNDB-2017-014281 // CNVD: CNVD-2017-34264 // VULHUB: VHN-111075

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

category:['camera device']sub_category:smart home camera

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-34264

AFFECTED PRODUCTS

vendor:foscammodel:c1scope:eqversion:2.52.2.43

Trust: 2.4

vendor:foscammodel:systemscope:eqversion:1.9.3.18

Trust: 0.6

vendor:foscammodel:indoor ip camera c1 plug-inscope:eqversion:3.3.0.26

Trust: 0.6

vendor:foscammodel:indoor ip camera c1 applicationscope:eqversion:2.52.2.43

Trust: 0.6

sources: CNVD: CNVD-2017-34264 // JVNDB: JVNDB-2017-014281 // CNNVD: CNNVD-201711-424 // NVD: CVE-2017-2872

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2872
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2872
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-2872
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-34264
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-424
value: HIGH

Trust: 0.6

VULHUB: VHN-111075
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2872
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34264
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111075
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2872
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2872
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2017-2872
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-34264 // VULHUB: VHN-111075 // JVNDB: JVNDB-2017-014281 // CNNVD: CNNVD-201711-424 // NVD: CVE-2017-2872 // NVD: CVE-2017-2872

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-111075 // JVNDB: JVNDB-2017-014281 // NVD: CVE-2017-2872

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-424

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201711-424

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014281

PATCH
title:Top Pageurl:https://www.foscam.com/downloads/index.html
Trust: 0.8
title:Patch for FoscamIPVideoCamera Remote Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/106250
Trust: 0.6
title:Foscam IP Video Camera Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76292
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-34264 // 
            
            
            
            JVNDB: JVNDB-2017-014281 // 
            
            
            
            CNNVD: CNNVD-201711-424

EXTERNAL IDS
db:NVDid:CVE-2017-2872
Trust: 3.2
db:TALOSid:TALOS-2017-0379
Trust: 3.1
db:JVNDBid:JVNDB-2017-014281
Trust: 0.8
db:CNNVDid:CNNVD-201711-424
Trust: 0.7
db:CNVDid:CNVD-2017-34264
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:SEEBUGid:SSVID-96856
Trust: 0.1
db:VULHUBid:VHN-111075
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-34264 // 
            
            
            
            VULHUB: VHN-111075 // 
            
            
            
            JVNDB: JVNDB-2017-014281 // 
            
            
            
            CNNVD: CNNVD-201711-424 // 
            
            
            
            NVD: CVE-2017-2872

REFERENCES
url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0379
Trust: 3.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2872
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2872
Trust: 0.8
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0379
Trust: 0.6
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-34264 // 
            
            
            
            VULHUB: VHN-111075 // 
            
            
            
            JVNDB: JVNDB-2017-014281 // 
            
            
            
            CNNVD: CNNVD-201711-424 // 
            
            
            
            NVD: CVE-2017-2872

CREDITS
Claudio Bozzato of Cisco Talos
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201711-424

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2017-34264
db:VULHUBid:VHN-111075
db:JVNDBid:JVNDB-2017-014281
db:CNNVDid:CNNVD-201711-424
db:NVDid:CVE-2017-2872

LAST UPDATE DATE
2025-01-30T20:28:15.922000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-34264date:2017-11-17T00:00:00
db:VULHUBid:VHN-111075date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-014281date:2018-12-20T00:00:00
db:CNNVDid:CNNVD-201711-424date:2022-07-01T00:00:00
db:NVDid:CVE-2017-2872date:2024-11-21T03:24:21.960

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-34264date:2017-11-17T00:00:00
db:VULHUBid:VHN-111075date:2018-09-17T00:00:00
db:JVNDBid:JVNDB-2017-014281date:2018-12-20T00:00:00
db:CNNVDid:CNNVD-201711-424date:2017-11-14T00:00:00
db:NVDid:CVE-2017-2872date:2018-09-17T20:29:00.790