Details of VAR-201811-0740

ID

VAR-201811-0740

CVE

CVE-2018-19079

TITLE

Foscam Opticam i5 Vulnerability related to input verification in device system firmware and application firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-011914

DESCRIPTION

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot. Foscam Opticam i5 There is an input validation vulnerability in the device system firmware and application firmware.Service operation interruption (DoS) There is a possibility of being put into a state. FoscamOpticami5 is an IP camera from Foscom (FOSCAM). This vulnerability could be exploited by an unauthenticated attacker to cause a device reboot

Trust: 2.25

sources: NVD: CVE-2018-19079 // JVNDB: JVNDB-2018-011914 // CNVD: CNVD-2018-22819 // VULHUB: VHN-129702

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-22819

AFFECTED PRODUCTS

vendor:	opticam	model:	i5 application	scope:	eq	version:	2.21.1.128	Trust: 2.4
vendor:	opticam	model:	i5 system	scope:	eq	version:	1.5.2.11	Trust: 2.4
vendor:	foscam	model:	c2 application	scope:	eq	version:	2.72.1.32	Trust: 1.0
vendor:	foscam	model:	c2 system	scope:	eq	version:	1.11.1.8	Trust: 1.0
vendor:	foscam	model:	c2 application	scope:	-	version:	-	Trust: 0.8
vendor:	foscam	model:	c2 system	scope:	-	version:	-	Trust: 0.8
vendor:	foscam	model:	opticam i5 application	scope:	eq	version:	2.21.1.128	Trust: 0.6
vendor:	foscam	model:	opticam i5 system	scope:	eq	version:	1.5.2.11	Trust: 0.6

sources: CNVD: CNVD-2018-22819 // JVNDB: JVNDB-2018-011914 // CNNVD: CNNVD-201811-156 // NVD: CVE-2018-19079

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19079
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-19079
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-22819
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201811-156
value:	HIGH
Trust: 0.6
VULHUB:	VHN-129702
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-19079
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-22819
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-129702
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-19079
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-22819 // VULHUB: VHN-129702 // JVNDB: JVNDB-2018-011914 // CNNVD: CNNVD-201811-156 // NVD: CVE-2018-19079

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.1
problemtype:	CWE-862	Trust: 1.1
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-129702 // JVNDB: JVNDB-2018-011914 // NVD: CVE-2018-19079

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-156

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201811-156

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011914

PATCH

title:

url:

https://www.foscam.com/C2.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-011914

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19079	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-011914	Trust: 0.8
db:	CNNVD	id:	CNNVD-201811-156	Trust: 0.7
db:	CNVD	id:	CNVD-2018-22819	Trust: 0.6
db:	VULHUB	id:	VHN-129702	Trust: 0.1

sources: CNVD: CNVD-2018-22819 // VULHUB: VHN-129702 // JVNDB: JVNDB-2018-011914 // CNNVD: CNNVD-201811-156 // NVD: CVE-2018-19079

REFERENCES

url:	https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19079	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19079	Trust: 0.8
url:	https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera	Trust: 0.8

sources: CNVD: CNVD-2018-22819 // VULHUB: VHN-129702 // JVNDB: JVNDB-2018-011914 // CNNVD: CNNVD-201811-156 // NVD: CVE-2018-19079

SOURCES

db:	CNVD	id:	CNVD-2018-22819
db:	VULHUB	id:	VHN-129702
db:	JVNDB	id:	JVNDB-2018-011914
db:	CNNVD	id:	CNNVD-201811-156
db:	NVD	id:	CVE-2018-19079

LAST UPDATE DATE

2024-11-23T23:01:59.062000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-22819	date:	2018-11-09T00:00:00
db:	VULHUB	id:	VHN-129702	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-011914	date:	2019-01-24T00:00:00
db:	CNNVD	id:	CNNVD-201811-156	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2018-19079	date:	2024-11-21T03:57:17.780

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-22819	date:	2018-11-09T00:00:00
db:	VULHUB	id:	VHN-129702	date:	2018-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-011914	date:	2019-01-24T00:00:00
db:	CNNVD	id:	CNNVD-201811-156	date:	2018-11-08T00:00:00
db:	NVD	id:	CVE-2018-19079	date:	2018-11-07T18:29:06.353