Sign-up

ID

VAR-201809-0081


CVE

CVE-2017-2856


TITLE

Foscam C1 Indoor HD Camera Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014272

DESCRIPTION

An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam. DDNSclient is one of the dynamic domain name service clients

Trust: 2.25

sources: NVD: CVE-2017-2856 // JVNDB: JVNDB-2017-014272 // CNVD: CNVD-2017-34262 // VULHUB: VHN-111059

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

category:['camera device']sub_category:smart home camera

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-34262

AFFECTED PRODUCTS

vendor:foscammodel:c1scope:eqversion:2.52.2.43

Trust: 2.4

vendor:foscammodel:systemscope:eqversion:1.9.3.18

Trust: 0.6

vendor:foscammodel:indoor ip camera c1 plug-inscope:eqversion:3.3.0.26

Trust: 0.6

vendor:foscammodel:indoor ip camera c1 applicationscope:eqversion:2.52.2.43

Trust: 0.6

sources: CNVD: CNVD-2017-34262 // JVNDB: JVNDB-2017-014272 // CNNVD: CNNVD-201711-422 // NVD: CVE-2017-2856

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2856
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2856
value: HIGH

Trust: 1.0

NVD: CVE-2017-2856
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-34262
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-422
value: HIGH

Trust: 0.6

VULHUB: VHN-111059
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2856
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34262
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111059
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

talos-cna@cisco.com: CVE-2017-2856
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2017-2856
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2017-34262 // VULHUB: VHN-111059 // JVNDB: JVNDB-2017-014272 // CNNVD: CNNVD-201711-422 // NVD: CVE-2017-2856 // NVD: CVE-2017-2856

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-111059 // JVNDB: JVNDB-2017-014272 // NVD: CVE-2017-2856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-422

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201711-422

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014272

PATCH
title:Top Pageurl:http://www.foscam.com/downloads/index.html
Trust: 0.8
title:Patch for FoscamC1IndoorHDCameraDDNS Client Buffer Overflow Vulnerability (CNVD-2017-34262)url:https://www.cnvd.org.cn/patchInfo/show/106248
Trust: 0.6
title:Foscam C1 Indoor HD Camera DDNS Fixes for client buffer error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76290
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-34262 // 
            
            
            
            JVNDB: JVNDB-2017-014272 // 
            
            
            
            CNNVD: CNNVD-201711-422

EXTERNAL IDS
db:NVDid:CVE-2017-2856
Trust: 3.2
db:TALOSid:TALOS-2017-0359
Trust: 3.1
db:JVNDBid:JVNDB-2017-014272
Trust: 0.8
db:CNNVDid:CNNVD-201711-422
Trust: 0.7
db:CNVDid:CNVD-2017-34262
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:SEEBUGid:SSVID-96855
Trust: 0.1
db:VULHUBid:VHN-111059
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-34262 // 
            
            
            
            VULHUB: VHN-111059 // 
            
            
            
            JVNDB: JVNDB-2017-014272 // 
            
            
            
            CNNVD: CNNVD-201711-422 // 
            
            
            
            NVD: CVE-2017-2856

REFERENCES
url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0359
Trust: 1.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2856
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2856
Trust: 0.8
url:https://www.talosintelligence.com/reports/talos-2017-0359/
Trust: 0.6
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0359
Trust: 0.6
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-34262 // 
            
            
            
            VULHUB: VHN-111059 // 
            
            
            
            JVNDB: JVNDB-2017-014272 // 
            
            
            
            CNNVD: CNNVD-201711-422 // 
            
            
            
            NVD: CVE-2017-2856

CREDITS
Claudio Bozzato of Cisco Talos
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201711-422

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2017-34262
db:VULHUBid:VHN-111059
db:JVNDBid:JVNDB-2017-014272
db:CNNVDid:CNNVD-201711-422
db:NVDid:CVE-2017-2856

LAST UPDATE DATE
2025-01-30T22:27:59.146000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-34262date:2017-11-17T00:00:00
db:VULHUBid:VHN-111059date:2018-11-19T00:00:00
db:JVNDBid:JVNDB-2017-014272date:2018-12-17T00:00:00
db:CNNVDid:CNNVD-201711-422date:2022-06-08T00:00:00
db:NVDid:CVE-2017-2856date:2024-11-21T03:24:20.193

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-34262date:2017-11-17T00:00:00
db:VULHUBid:VHN-111059date:2018-09-17T00:00:00
db:JVNDBid:JVNDB-2017-014272date:2018-12-17T00:00:00
db:CNNVDid:CNNVD-201711-422date:2017-11-14T00:00:00
db:NVDid:CVE-2017-2856date:2018-09-17T20:29:00.523