Sign-up

ID

VAR-201811-0732


CVE

CVE-2018-19071


TITLE

Foscam C2 Device and Opticam i5 Vulnerabilities related to authorization, authority, and access control in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-011690

DESCRIPTION

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up. Foscam C2 Device and Opticam i5 Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). Security vulnerabilities exist in Foscam C2 and Opticam i5 devices

Trust: 2.34

sources: NVD: CVE-2018-19071 // JVNDB: JVNDB-2018-011690 // CNVD: CNVD-2019-04050 // VULHUB: VHN-129694 // VULMON: CVE-2018-19071

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-04050

AFFECTED PRODUCTS

vendor:opticammodel:i5 applicationscope:eqversion:2.21.1.128

Trust: 2.4

vendor:opticammodel:i5 systemscope:eqversion:1.5.2.11

Trust: 2.4

vendor:foscammodel:c2 applicationscope:eqversion:2.72.1.32

Trust: 1.8

vendor:foscammodel:c2 systemscope:eqversion:1.11.1.8

Trust: 1.8

vendor:foscammodel:c2 devices with systemscope:eqversion:1.11.1.8

Trust: 0.6

vendor:foscammodel:c2 devices with applicationscope:eqversion:2.72.1.32

Trust: 0.6

vendor:foscammodel:opticam i5 devices with systemscope:eqversion:1.5.2.11

Trust: 0.6

vendor:foscammodel:opticam i5 devices with applicationscope:eqversion:2.21.1.128

Trust: 0.6

sources: CNVD: CNVD-2019-04050 // JVNDB: JVNDB-2018-011690 // CNNVD: CNNVD-201811-148 // NVD: CVE-2018-19071

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-19071
value: HIGH

Trust: 1.0

NVD: CVE-2018-19071
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-04050
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201811-148
value: HIGH

Trust: 0.6

VULHUB: VHN-129694
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-19071
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-19071
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-04050
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-129694
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-19071
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-04050 // VULHUB: VHN-129694 // VULMON: CVE-2018-19071 // JVNDB: JVNDB-2018-011690 // CNNVD: CNNVD-201811-148 // NVD: CVE-2018-19071

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-129694 // JVNDB: JVNDB-2018-011690 // NVD: CVE-2018-19071

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201811-148

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201811-148

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011690

PATCH
title:C2url:https://www.foscam.com/C2.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-011690

EXTERNAL IDS
db:NVDid:CVE-2018-19071
Trust: 3.2
db:JVNDBid:JVNDB-2018-011690
Trust: 0.8
db:CNNVDid:CNNVD-201811-148
Trust: 0.7
db:CNVDid:CNVD-2019-04050
Trust: 0.6
db:VULHUBid:VHN-129694
Trust: 0.1
db:VULMONid:CVE-2018-19071
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-04050 // 
            
            
            
            VULHUB: VHN-129694 // 
            
            
            
            VULMON: CVE-2018-19071 // 
            
            
            
            JVNDB: JVNDB-2018-011690 // 
            
            
            
            CNNVD: CNNVD-201811-148 // 
            
            
            
            NVD: CVE-2018-19071

REFERENCES
url:https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-19071
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19071
Trust: 0.8
url:https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/732.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-04050 // 
            
            
            
            VULHUB: VHN-129694 // 
            
            
            
            VULMON: CVE-2018-19071 // 
            
            
            
            JVNDB: JVNDB-2018-011690 // 
            
            
            
            CNNVD: CNNVD-201811-148 // 
            
            
            
            NVD: CVE-2018-19071

SOURCES
db:CNVDid:CNVD-2019-04050
db:VULHUBid:VHN-129694
db:VULMONid:CVE-2018-19071
db:JVNDBid:JVNDB-2018-011690
db:CNNVDid:CNNVD-201811-148
db:NVDid:CVE-2018-19071

LAST UPDATE DATE
2024-11-23T23:08:32.904000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-04050date:2019-02-14T00:00:00
db:VULHUBid:VHN-129694date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-19071date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-011690date:2019-01-18T00:00:00
db:CNNVDid:CNNVD-201811-148date:2019-10-23T00:00:00
db:NVDid:CVE-2018-19071date:2024-11-21T03:57:16.513

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-04050date:2019-02-14T00:00:00
db:VULHUBid:VHN-129694date:2018-11-07T00:00:00
db:VULMONid:CVE-2018-19071date:2018-11-07T00:00:00
db:JVNDBid:JVNDB-2018-011690date:2019-01-18T00:00:00
db:CNNVDid:CNNVD-201811-148date:2018-11-08T00:00:00
db:NVDid:CVE-2018-19071date:2018-11-07T18:29:03.397