Details of VAR-201811-0739

ID

VAR-201811-0739

CVE

CVE-2018-19078

TITLE

Foscam Opticam i5 Vulnerabilities related to certificate and password management in device system firmware and application firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-011911

DESCRIPTION

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password. Foscam Opticam i5 There are vulnerabilities related to certificate and password management in the system firmware and application firmware of devices.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamOpticami5 is an IP camera from Foscom (FOSCAM)

Trust: 2.25

sources: NVD: CVE-2018-19078 // JVNDB: JVNDB-2018-011911 // CNVD: CNVD-2018-22818 // VULHUB: VHN-129701

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-22818

AFFECTED PRODUCTS

vendor:	opticam	model:	i5 application	scope:	eq	version:	2.21.1.128	Trust: 2.4
vendor:	opticam	model:	i5 system	scope:	eq	version:	1.5.2.11	Trust: 2.4
vendor:	foscam	model:	c2 application	scope:	eq	version:	2.72.1.32	Trust: 1.0
vendor:	foscam	model:	c2 system	scope:	eq	version:	1.11.1.8	Trust: 1.0
vendor:	foscam	model:	c2 application	scope:	-	version:	-	Trust: 0.8
vendor:	foscam	model:	c2 system	scope:	-	version:	-	Trust: 0.8
vendor:	foscam	model:	opticam i5 application	scope:	eq	version:	2.21.1.128	Trust: 0.6
vendor:	foscam	model:	opticam i5 system	scope:	eq	version:	1.5.2.11	Trust: 0.6

sources: CNVD: CNVD-2018-22818 // JVNDB: JVNDB-2018-011911 // CNNVD: CNNVD-201811-155 // NVD: CVE-2018-19078

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19078
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-19078
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-22818
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201811-155
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-129701
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-19078
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-22818
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-129701
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-19078
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-22818 // VULHUB: VHN-129701 // JVNDB: JVNDB-2018-011911 // CNNVD: CNNVD-201811-155 // NVD: CVE-2018-19078

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-129701 // JVNDB: JVNDB-2018-011911 // NVD: CVE-2018-19078

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-155

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201811-155

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011911

PATCH

title:

url:

https://www.foscam.com/C2.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-011911

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19078	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-011911	Trust: 0.8
db:	CNNVD	id:	CNNVD-201811-155	Trust: 0.7
db:	CNVD	id:	CNVD-2018-22818	Trust: 0.6
db:	VULHUB	id:	VHN-129701	Trust: 0.1

sources: CNVD: CNVD-2018-22818 // VULHUB: VHN-129701 // JVNDB: JVNDB-2018-011911 // CNNVD: CNNVD-201811-155 // NVD: CVE-2018-19078

REFERENCES

url:	https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19078	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19078	Trust: 0.8
url:	https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera	Trust: 0.8

sources: CNVD: CNVD-2018-22818 // VULHUB: VHN-129701 // JVNDB: JVNDB-2018-011911 // CNNVD: CNNVD-201811-155 // NVD: CVE-2018-19078

SOURCES

db:	CNVD	id:	CNVD-2018-22818
db:	VULHUB	id:	VHN-129701
db:	JVNDB	id:	JVNDB-2018-011911
db:	CNNVD	id:	CNNVD-201811-155
db:	NVD	id:	CVE-2018-19078

LAST UPDATE DATE

2024-11-23T22:17:15.431000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-22818	date:	2018-11-09T00:00:00
db:	VULHUB	id:	VHN-129701	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-011911	date:	2019-01-24T00:00:00
db:	CNNVD	id:	CNNVD-201811-155	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-19078	date:	2024-11-21T03:57:17.623

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-22818	date:	2018-11-09T00:00:00
db:	VULHUB	id:	VHN-129701	date:	2018-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-011911	date:	2019-01-24T00:00:00
db:	CNNVD	id:	CNNVD-201811-155	date:	2018-11-08T00:00:00
db:	NVD	id:	CVE-2018-19078	date:	2018-11-07T18:29:05.853