Details of VAR-201811-0734

ID

VAR-201811-0734

CVE

CVE-2018-19073

TITLE

Foscam C2 and Opticam i5 Operating System Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-04045 // CNNVD: CNNVD-201811-150

DESCRIPTION

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access. Foscam C2 Device and Opticam i5 The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Foscam C2 and Opticam i5 are both IP camera products of China Foscam

Trust: 2.25

sources: NVD: CVE-2018-19073 // JVNDB: JVNDB-2018-011688 // CNVD: CNVD-2019-04045 // VULHUB: VHN-129696

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-04045

AFFECTED PRODUCTS

vendor:	opticam	model:	i5 application	scope:	eq	version:	2.21.1.128	Trust: 2.4
vendor:	opticam	model:	i5 system	scope:	eq	version:	1.5.2.11	Trust: 2.4
vendor:	foscam	model:	c2 application	scope:	eq	version:	2.72.1.32	Trust: 1.8
vendor:	foscam	model:	c2 system	scope:	eq	version:	1.11.1.8	Trust: 1.8
vendor:	foscam	model:	c2 devices with application	scope:	eq	version:	2.72.1.32	Trust: 0.6
vendor:	foscam	model:	c2 devices with system	scope:	eq	version:	1.11.1.8	Trust: 0.6
vendor:	foscam	model:	opticam i5 devices with application	scope:	eq	version:	2.21.1.128	Trust: 0.6
vendor:	foscam	model:	opticam i5 devices with system	scope:	eq	version:	1.5.2.11	Trust: 0.6

sources: CNVD: CNVD-2019-04045 // JVNDB: JVNDB-2018-011688 // CNNVD: CNNVD-201811-150 // NVD: CVE-2018-19073

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19073
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-19073
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-04045
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201811-150
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-129696
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-19073
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-04045
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-129696
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-19073
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-04045 // VULHUB: VHN-129696 // JVNDB: JVNDB-2018-011688 // CNNVD: CNNVD-201811-150 // NVD: CVE-2018-19073

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-129696 // JVNDB: JVNDB-2018-011688 // NVD: CVE-2018-19073

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-150

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201811-150

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011688

PATCH

title:

url:

https://www.foscam.com/C2.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-011688

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19073	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-011688	Trust: 0.8
db:	CNNVD	id:	CNNVD-201811-150	Trust: 0.7
db:	CNVD	id:	CNVD-2019-04045	Trust: 0.6
db:	VULHUB	id:	VHN-129696	Trust: 0.1

sources: CNVD: CNVD-2019-04045 // VULHUB: VHN-129696 // JVNDB: JVNDB-2018-011688 // CNNVD: CNNVD-201811-150 // NVD: CVE-2018-19073

REFERENCES

url:	https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19073	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19073	Trust: 0.8
url:	https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera	Trust: 0.8

sources: CNVD: CNVD-2019-04045 // VULHUB: VHN-129696 // JVNDB: JVNDB-2018-011688 // CNNVD: CNNVD-201811-150 // NVD: CVE-2018-19073

SOURCES

db:	CNVD	id:	CNVD-2019-04045
db:	VULHUB	id:	VHN-129696
db:	JVNDB	id:	JVNDB-2018-011688
db:	CNNVD	id:	CNNVD-201811-150
db:	NVD	id:	CVE-2018-19073

LAST UPDATE DATE

2024-11-23T21:52:39.246000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-04045	date:	2020-03-10T00:00:00
db:	VULHUB	id:	VHN-129696	date:	2018-12-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-011688	date:	2019-01-18T00:00:00
db:	CNNVD	id:	CNNVD-201811-150	date:	2018-11-08T00:00:00
db:	NVD	id:	CVE-2018-19073	date:	2024-11-21T03:57:16.820

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-04045	date:	2019-02-13T00:00:00
db:	VULHUB	id:	VHN-129696	date:	2018-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-011688	date:	2019-01-18T00:00:00
db:	CNNVD	id:	CNNVD-201811-150	date:	2018-11-08T00:00:00
db:	NVD	id:	CVE-2018-19073	date:	2018-11-07T18:29:03.930