Details of VAR-201811-0735

ID

VAR-201811-0735

CVE

CVE-2018-19074

TITLE

Foscam C2 Device and Opticam i5 Device access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011687

DESCRIPTION

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall has no effect except for blocking port 443 and partially blocking port 88. Foscam C2 Device and Opticam i5 The device contains an access control vulnerability.Information may be tampered with. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). A firewall invalidation vulnerability exists in the FoscamC2 and Opticami5 devices. The vulnerability stems from the firewall blocking only ports 443 and 88, which can be exploited by remote attackers to control devices

Trust: 2.25

sources: NVD: CVE-2018-19074 // JVNDB: JVNDB-2018-011687 // CNVD: CNVD-2019-04044 // VULHUB: VHN-129697

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-04044

AFFECTED PRODUCTS

vendor:	opticam	model:	i5 application	scope:	eq	version:	2.21.1.128	Trust: 2.4
vendor:	opticam	model:	i5 system	scope:	eq	version:	1.5.2.11	Trust: 2.4
vendor:	foscam	model:	c2 application	scope:	eq	version:	2.72.1.32	Trust: 1.8
vendor:	foscam	model:	c2 system	scope:	eq	version:	1.11.1.8	Trust: 1.8
vendor:	foscam	model:	c2 devices with system	scope:	eq	version:	1.11.1.8	Trust: 0.6
vendor:	foscam	model:	c2 devices with application	scope:	eq	version:	2.72.1.32	Trust: 0.6
vendor:	foscam	model:	opticam i5 devices with system	scope:	eq	version:	1.5.2.11	Trust: 0.6
vendor:	foscam	model:	opticam i5 devices with application	scope:	eq	version:	2.21.1.128	Trust: 0.6

sources: CNVD: CNVD-2019-04044 // JVNDB: JVNDB-2018-011687 // CNNVD: CNNVD-201811-151 // NVD: CVE-2018-19074

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19074
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-19074
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-04044
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201811-151
value:	HIGH
Trust: 0.6
VULHUB:	VHN-129697
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-19074
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-04044
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-129697
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-19074
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-04044 // VULHUB: VHN-129697 // JVNDB: JVNDB-2018-011687 // CNNVD: CNNVD-201811-151 // NVD: CVE-2018-19074

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-129697 // JVNDB: JVNDB-2018-011687 // NVD: CVE-2018-19074

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-151

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201811-151

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011687

PATCH

title:

url:

https://www.foscam.com/C2.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-011687

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19074	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-011687	Trust: 0.8
db:	CNNVD	id:	CNNVD-201811-151	Trust: 0.7
db:	CNVD	id:	CNVD-2019-04044	Trust: 0.6
db:	VULHUB	id:	VHN-129697	Trust: 0.1

sources: CNVD: CNVD-2019-04044 // VULHUB: VHN-129697 // JVNDB: JVNDB-2018-011687 // CNNVD: CNNVD-201811-151 // NVD: CVE-2018-19074

REFERENCES

url:	https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19074	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19074	Trust: 0.8
url:	https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera	Trust: 0.8

sources: CNVD: CNVD-2019-04044 // VULHUB: VHN-129697 // JVNDB: JVNDB-2018-011687 // CNNVD: CNNVD-201811-151 // NVD: CVE-2018-19074

SOURCES

db:	CNVD	id:	CNVD-2019-04044
db:	VULHUB	id:	VHN-129697
db:	JVNDB	id:	JVNDB-2018-011687
db:	CNNVD	id:	CNNVD-201811-151
db:	NVD	id:	CVE-2018-19074

LAST UPDATE DATE

2024-11-23T22:41:39.013000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-04044	date:	2019-02-13T00:00:00
db:	VULHUB	id:	VHN-129697	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-011687	date:	2019-01-18T00:00:00
db:	CNNVD	id:	CNNVD-201811-151	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-19074	date:	2024-11-21T03:57:16.977

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-04044	date:	2019-02-13T00:00:00
db:	VULHUB	id:	VHN-129697	date:	2018-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-011687	date:	2019-01-18T00:00:00
db:	CNNVD	id:	CNNVD-201811-151	date:	2018-11-08T00:00:00
db:	NVD	id:	CVE-2018-19074	date:	2018-11-07T18:29:04.303