Sign-up

ID

VAR-201809-0072


CVE

CVE-2017-2873


TITLE

Foscam C1 Indoor HD Camera Application firmware vulnerability in some application firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-014276

DESCRIPTION

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam

Trust: 2.25

sources: NVD: CVE-2017-2873 // JVNDB: JVNDB-2017-014276 // CNVD: CNVD-2017-34265 // VULHUB: VHN-111076

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

category:['camera device']sub_category:smart home camera

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-34265

AFFECTED PRODUCTS

vendor:foscammodel:c1scope:eqversion:2.52.2.43

Trust: 2.4

vendor:foscammodel:systemscope:eqversion:1.9.3.18

Trust: 0.6

vendor:foscammodel:indoor ip camera c1 plug-inscope:eqversion:3.3.0.26

Trust: 0.6

vendor:foscammodel:indoor ip camera c1 applicationscope:eqversion:2.52.2.43

Trust: 0.6

sources: CNVD: CNVD-2017-34265 // JVNDB: JVNDB-2017-014276 // CNNVD: CNNVD-201711-425 // NVD: CVE-2017-2873

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2873
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2873
value: HIGH

Trust: 1.0

NVD: CVE-2017-2873
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-34265
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-425
value: HIGH

Trust: 0.6

VULHUB: VHN-111076
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2873
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34265
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111076
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2873
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2873
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2017-2873
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-34265 // VULHUB: VHN-111076 // JVNDB: JVNDB-2017-014276 // CNNVD: CNNVD-201711-425 // NVD: CVE-2017-2873 // NVD: CVE-2017-2873

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-111076 // JVNDB: JVNDB-2017-014276 // NVD: CVE-2017-2873

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-425

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201711-425

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014276

PATCH
title:Top Pageurl:https://www.foscam.com/
Trust: 0.8
title:FoscamIPVideoCamera command to inject vulnerability patchesurl:https://www.cnvd.org.cn/patchInfo/show/106251
Trust: 0.6
title:Foscam IP Video Camera Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76293
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-34265 // 
            
            
            
            JVNDB: JVNDB-2017-014276 // 
            
            
            
            CNNVD: CNNVD-201711-425

EXTERNAL IDS
db:NVDid:CVE-2017-2873
Trust: 3.2
db:TALOSid:TALOS-2017-0380
Trust: 3.1
db:JVNDBid:JVNDB-2017-014276
Trust: 0.8
db:CNNVDid:CNNVD-201711-425
Trust: 0.7
db:CNVDid:CNVD-2017-34265
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:SEEBUGid:SSVID-96859
Trust: 0.1
db:VULHUBid:VHN-111076
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-34265 // 
            
            
            
            VULHUB: VHN-111076 // 
            
            
            
            JVNDB: JVNDB-2017-014276 // 
            
            
            
            CNNVD: CNNVD-201711-425 // 
            
            
            
            NVD: CVE-2017-2873

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0380
Trust: 2.5
url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0380
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2873
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2873
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-34265 // 
            
            
            
            VULHUB: VHN-111076 // 
            
            
            
            JVNDB: JVNDB-2017-014276 // 
            
            
            
            CNNVD: CNNVD-201711-425 // 
            
            
            
            NVD: CVE-2017-2873

CREDITS
Claudio Bozzato of Cisco Talos
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201711-425

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2017-34265
db:VULHUBid:VHN-111076
db:JVNDBid:JVNDB-2017-014276
db:CNNVDid:CNNVD-201711-425
db:NVDid:CVE-2017-2873

LAST UPDATE DATE
2025-01-30T20:44:11.203000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-34265date:2017-11-17T00:00:00
db:VULHUBid:VHN-111076date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-014276date:2018-12-20T00:00:00
db:CNNVDid:CNNVD-201711-425date:2022-07-01T00:00:00
db:NVDid:CVE-2017-2873date:2024-11-21T03:24:22.073

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-34265date:2017-11-17T00:00:00
db:VULHUBid:VHN-111076date:2018-09-19T00:00:00
db:JVNDBid:JVNDB-2017-014276date:2018-12-20T00:00:00
db:CNNVDid:CNNVD-201711-425date:2017-11-14T00:00:00
db:NVDid:CVE-2017-2873date:2018-09-19T18:29:00.343