Sign-up

ID

VAR-201811-0820


CVE

CVE-2018-19063


TITLE

Foscam C2 Devices and Opticam i5 Vulnerability in using hard-coded credentials on device

Trust: 0.8

sources: JVNDB: JVNDB-2018-011648

DESCRIPTION

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password. Foscam C2 Devices and Opticam i5 The device is vulnerable to the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). The vulnerability stems from the use of a null password in the admin account, which an attacker can use to control the device

Trust: 2.34

sources: NVD: CVE-2018-19063 // JVNDB: JVNDB-2018-011648 // CNVD: CNVD-2019-04049 // VULHUB: VHN-129685 // VULMON: CVE-2018-19063

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-04049

AFFECTED PRODUCTS

vendor:opticammodel:i5 applicationscope:eqversion:2.21.1.128

Trust: 2.4

vendor:opticammodel:i5 systemscope:eqversion:1.5.2.11

Trust: 2.4

vendor:foscammodel:c2 applicationscope:eqversion:2.72.1.32

Trust: 1.8

vendor:foscammodel:c2 systemscope:eqversion:1.11.1.8

Trust: 1.8

vendor:foscammodel:c2 devices with systemscope:eqversion:1.11.1.8

Trust: 0.6

vendor:foscammodel:c2 devices with applicationscope:eqversion:2.72.1.32

Trust: 0.6

vendor:foscammodel:opticam i5 devices with systemscope:eqversion:1.5.2.11

Trust: 0.6

vendor:foscammodel:opticam i5 devices with applicationscope:eqversion:2.21.1.128

Trust: 0.6

sources: CNVD: CNVD-2019-04049 // JVNDB: JVNDB-2018-011648 // CNNVD: CNNVD-201811-140 // NVD: CVE-2018-19063

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-19063
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-19063
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-04049
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201811-140
value: CRITICAL

Trust: 0.6

VULHUB: VHN-129685
value: HIGH

Trust: 0.1

VULMON: CVE-2018-19063
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-19063
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-04049
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-129685
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-19063
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-04049 // VULHUB: VHN-129685 // VULMON: CVE-2018-19063 // JVNDB: JVNDB-2018-011648 // CNNVD: CNNVD-201811-140 // NVD: CVE-2018-19063

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-129685 // JVNDB: JVNDB-2018-011648 // NVD: CVE-2018-19063

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-140

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201811-140

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011648

PATCH
title:C2url:https://www.foscam.com/C2.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-011648

EXTERNAL IDS
db:NVDid:CVE-2018-19063
Trust: 3.2
db:JVNDBid:JVNDB-2018-011648
Trust: 0.8
db:CNVDid:CNVD-2019-04049
Trust: 0.6
db:CNNVDid:CNNVD-201811-140
Trust: 0.6
db:VULHUBid:VHN-129685
Trust: 0.1
db:VULMONid:CVE-2018-19063
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-04049 // 
            
            
            
            VULHUB: VHN-129685 // 
            
            
            
            VULMON: CVE-2018-19063 // 
            
            
            
            JVNDB: JVNDB-2018-011648 // 
            
            
            
            CNNVD: CNNVD-201811-140 // 
            
            
            
            NVD: CVE-2018-19063

REFERENCES
url:https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-19063
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19063
Trust: 0.8
url:https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/798.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-04049 // 
            
            
            
            VULHUB: VHN-129685 // 
            
            
            
            VULMON: CVE-2018-19063 // 
            
            
            
            JVNDB: JVNDB-2018-011648 // 
            
            
            
            CNNVD: CNNVD-201811-140 // 
            
            
            
            NVD: CVE-2018-19063

SOURCES
db:CNVDid:CNVD-2019-04049
db:VULHUBid:VHN-129685
db:VULMONid:CVE-2018-19063
db:JVNDBid:JVNDB-2018-011648
db:CNNVDid:CNNVD-201811-140
db:NVDid:CVE-2018-19063

LAST UPDATE DATE
2024-11-23T22:26:06.867000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-04049date:2019-02-14T00:00:00
db:VULHUBid:VHN-129685date:2018-12-11T00:00:00
db:VULMONid:CVE-2018-19063date:2018-12-11T00:00:00
db:JVNDBid:JVNDB-2018-011648date:2019-01-18T00:00:00
db:CNNVDid:CNNVD-201811-140date:2018-11-08T00:00:00
db:NVDid:CVE-2018-19063date:2024-11-21T03:57:15.283

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-04049date:2019-02-14T00:00:00
db:VULHUBid:VHN-129685date:2018-11-07T00:00:00
db:VULMONid:CVE-2018-19063date:2018-11-07T00:00:00
db:JVNDBid:JVNDB-2018-011648date:2019-01-18T00:00:00
db:CNNVDid:CNNVD-201811-140date:2018-11-08T00:00:00
db:NVDid:CVE-2018-19063date:2018-11-07T18:29:00.523