ID

VAR-201809-0076


CVE

CVE-2017-2877


TITLE

Foscam C1 Indoor HD Camera Application firmware vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-014274

DESCRIPTION

A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the user accounts to factory defaults, without authentication. Foscam C1 Indoor HD Camera Application firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam of China. A factory reset vulnerability exists in the Multi-Camera interface of the Foscam C1 Indoor HD Camera, stemming from the program's failure to implement error detection.

Trust: 2.25

sources: NVD: CVE-2017-2877 // JVNDB: JVNDB-2017-014274 // CNVD: CNVD-2017-34269 // VULHUB: VHN-111080

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-34269

AFFECTED PRODUCTS

vendor: foscam, model: c1, scope: eq, version: 2.52.2.43

Trust: 2.4

vendor: foscam, model: system, scope: eq, version: 1.9.3.18

Trust: 0.6

vendor: foscam, model: indoor ip camera c1 plug-in, scope: eq, version: 3.3.0.26

Trust: 0.6

vendor: foscam, model: indoor ip camera c1 application, scope: eq, version: 2.52.2.43

Trust: 0.6

sources: CNVD: CNVD-2017-34269 // JVNDB: JVNDB-2017-014274 // CNNVD: CNNVD-201711-429 // NVD: CVE-2017-2877

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2877
value: CRITICAL

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2877
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-2877
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-34269
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-429
value: CRITICAL

Trust: 0.6

VULHUB: VHN-111080
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2877
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34269
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111080
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

talos-cna@cisco.com: CVE-2017-2877
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2017-2877
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2017-34269 // VULHUB: VHN-111080 // JVNDB: JVNDB-2017-014274 // CNNVD: CNNVD-201711-429 // NVD: CVE-2017-2877 // NVD: CVE-2017-2877

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-111080 // JVNDB: JVNDB-2017-014274 // NVD: CVE-2017-2877

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-429

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201711-429

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014274

PATCH

title: Top Page, url: https://www.foscam.com/

Trust: 0.8

title: Foscam IP Video Camera reset patch for factory settings vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/106255

Trust: 0.6

title: Foscam IP Video Camera Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76297

Trust: 0.6

sources: CNVD: CNVD-2017-34269 // JVNDB: JVNDB-2017-014274 // CNNVD: CNNVD-201711-429

EXTERNAL IDS

db: TALOS, id: TALOS-2017-0384

Trust: 3.1

db: NVD, id: CVE-2017-2877

Trust: 3.1

db: JVNDB, id: JVNDB-2017-014274

Trust: 0.8

db: CNNVD, id: CNNVD-201711-429

Trust: 0.7

db: CNVD, id: CNVD-2017-34269

Trust: 0.6

db: SEEBUG, id: SSVID-96862

Trust: 0.1

db: VULHUB, id: VHN-111080

Trust: 0.1

sources: CNVD: CNVD-2017-34269 // VULHUB: VHN-111080 // JVNDB: JVNDB-2017-014274 // CNNVD: CNNVD-201711-429 // NVD: CVE-2017-2877

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2017-0384

Trust: 2.5

url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0384

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2877

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-2877

Trust: 0.8

sources: CNVD: CNVD-2017-34269 // VULHUB: VHN-111080 // JVNDB: JVNDB-2017-014274 // CNNVD: CNNVD-201711-429 // NVD: CVE-2017-2877

CREDITS

Claudio Bozzato of Cisco Talos

Trust: 0.6

sources: CNNVD: CNNVD-201711-429

SOURCES

db: CNVD, id: CNVD-2017-34269
db: VULHUB, id: VHN-111080
db: JVNDB, id: JVNDB-2017-014274
db: CNNVD, id: CNNVD-201711-429
db: NVD, id: CVE-2017-2877

LAST UPDATE DATE

2024-11-23T22:21:56.527000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-34269, date: 2017-11-17T00:00:00
db: VULHUB, id: VHN-111080, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2017-014274, date: 2018-12-20T00:00:00
db: CNNVD, id: CNNVD-201711-429, date: 2022-07-01T00:00:00
db: NVD, id: CVE-2017-2877, date: 2024-11-21T03:24:22.573

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-34269, date: 2017-11-17T00:00:00
db: VULHUB, id: VHN-111080, date: 2018-09-19T00:00:00
db: JVNDB, id: JVNDB-2017-014274, date: 2018-12-20T00:00:00
db: CNNVD, id: CNNVD-201711-429, date: 2017-11-14T00:00:00
db: NVD, id: CVE-2017-2877, date: 2018-09-19T18:29:00.547