Details of VAR-201811-0733

ID

VAR-201811-0733

CVE

CVE-2018-19072

TITLE

Foscam C2 Device and Opticam i5 Vulnerabilities related to authorization, authority, and access control in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-011689

DESCRIPTION

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/app has 0777 permissions, allowing local users to replace an archive file (within that directory) to control what is extracted to RAM at boot time. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An archive file replacement vulnerability exists in FoscamC2 and Opticami5 devices that can be exploited by local attackers to replace archived files

Trust: 2.25

sources: NVD: CVE-2018-19072 // JVNDB: JVNDB-2018-011689 // CNVD: CNVD-2019-04046 // VULHUB: VHN-129695

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-04046

AFFECTED PRODUCTS

vendor:	opticam	model:	i5 application	scope:	eq	version:	2.21.1.128	Trust: 2.4
vendor:	opticam	model:	i5 system	scope:	eq	version:	1.5.2.11	Trust: 2.4
vendor:	foscam	model:	c2 application	scope:	eq	version:	2.72.1.32	Trust: 1.8
vendor:	foscam	model:	c2 system	scope:	eq	version:	1.11.1.8	Trust: 1.8
vendor:	foscam	model:	c2 devices with system	scope:	eq	version:	1.11.1.8	Trust: 0.6
vendor:	foscam	model:	c2 devices with application	scope:	eq	version:	2.72.1.32	Trust: 0.6
vendor:	foscam	model:	opticam i5 devices with system	scope:	eq	version:	1.5.2.11	Trust: 0.6
vendor:	foscam	model:	opticam i5 devices with application	scope:	eq	version:	2.21.1.128	Trust: 0.6

sources: CNVD: CNVD-2019-04046 // JVNDB: JVNDB-2018-011689 // CNNVD: CNNVD-201811-149 // NVD: CVE-2018-19072

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19072
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-19072
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-04046
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201811-149
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-129695
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-19072
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-04046
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-129695
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-19072
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-04046 // VULHUB: VHN-129695 // JVNDB: JVNDB-2018-011689 // CNNVD: CNNVD-201811-149 // NVD: CVE-2018-19072

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-129695 // JVNDB: JVNDB-2018-011689 // NVD: CVE-2018-19072

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201811-149

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201811-149

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011689

PATCH

title:

url:

https://www.foscam.com/C2.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-011689

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19072	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-011689	Trust: 0.8
db:	CNNVD	id:	CNNVD-201811-149	Trust: 0.7
db:	CNVD	id:	CNVD-2019-04046	Trust: 0.6
db:	VULHUB	id:	VHN-129695	Trust: 0.1

sources: CNVD: CNVD-2019-04046 // VULHUB: VHN-129695 // JVNDB: JVNDB-2018-011689 // CNNVD: CNNVD-201811-149 // NVD: CVE-2018-19072

REFERENCES

url:	https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19072	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19072	Trust: 0.8
url:	https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera	Trust: 0.8

sources: CNVD: CNVD-2019-04046 // VULHUB: VHN-129695 // JVNDB: JVNDB-2018-011689 // CNNVD: CNNVD-201811-149 // NVD: CVE-2018-19072

SOURCES

db:	CNVD	id:	CNVD-2019-04046
db:	VULHUB	id:	VHN-129695
db:	JVNDB	id:	JVNDB-2018-011689
db:	CNNVD	id:	CNNVD-201811-149
db:	NVD	id:	CVE-2018-19072

LAST UPDATE DATE

2024-11-23T22:30:11.210000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-04046	date:	2019-02-13T00:00:00
db:	VULHUB	id:	VHN-129695	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-011689	date:	2019-01-18T00:00:00
db:	CNNVD	id:	CNNVD-201811-149	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-19072	date:	2024-11-21T03:57:16.663

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-04046	date:	2019-02-13T00:00:00
db:	VULHUB	id:	VHN-129695	date:	2018-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-011689	date:	2019-01-18T00:00:00
db:	CNNVD	id:	CNNVD-201811-149	date:	2018-11-08T00:00:00
db:	NVD	id:	CVE-2018-19072	date:	2018-11-07T18:29:03.697