Sign-up

ID

VAR-201811-0821


CVE

CVE-2018-19064


TITLE

Foscam C2 Device and Opticam i5 Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-011649

DESCRIPTION

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed. Foscam C2 Device and Opticam i5 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An encryption vulnerability exists in the FoscamC2 and Opticami5 devices. The vulnerability stems from the use of a null password (not modifiable) on the ftpuser1 account, which an attacker can use to control the device

Trust: 2.34

sources: NVD: CVE-2018-19064 // JVNDB: JVNDB-2018-011649 // CNVD: CNVD-2019-04048 // VULHUB: VHN-129686 // VULMON: CVE-2018-19064

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-04048

AFFECTED PRODUCTS

vendor:opticammodel:i5 applicationscope:eqversion:2.21.1.128

Trust: 2.4

vendor:opticammodel:i5 systemscope:eqversion:1.5.2.11

Trust: 2.4

vendor:foscammodel:c2 applicationscope:eqversion:2.72.1.32

Trust: 1.8

vendor:foscammodel:c2 systemscope:eqversion:1.11.1.8

Trust: 1.8

vendor:foscammodel:c2 devices with systemscope:eqversion:1.11.1.8

Trust: 0.6

vendor:foscammodel:c2 devices with applicationscope:eqversion:2.72.1.32

Trust: 0.6

vendor:foscammodel:opticam i5 devices with systemscope:eqversion:1.5.2.11

Trust: 0.6

vendor:foscammodel:opticam i5 devices with applicationscope:eqversion:2.21.1.128

Trust: 0.6

sources: CNVD: CNVD-2019-04048 // JVNDB: JVNDB-2018-011649 // CNNVD: CNNVD-201811-141 // NVD: CVE-2018-19064

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-19064
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-19064
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-04048
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201811-141
value: CRITICAL

Trust: 0.6

VULHUB: VHN-129686
value: HIGH

Trust: 0.1

VULMON: CVE-2018-19064
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-19064
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-04048
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-129686
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-19064
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-04048 // VULHUB: VHN-129686 // VULMON: CVE-2018-19064 // JVNDB: JVNDB-2018-011649 // CNNVD: CNNVD-201811-141 // NVD: CVE-2018-19064

PROBLEMTYPE DATA

problemtype:CWE-521

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-129686 // JVNDB: JVNDB-2018-011649 // NVD: CVE-2018-19064

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-141

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201811-141

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011649

PATCH
title:C2url:https://www.foscam.com/C2.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-011649

EXTERNAL IDS
db:NVDid:CVE-2018-19064
Trust: 3.2
db:JVNDBid:JVNDB-2018-011649
Trust: 0.8
db:CNVDid:CNVD-2019-04048
Trust: 0.6
db:CNNVDid:CNNVD-201811-141
Trust: 0.6
db:VULHUBid:VHN-129686
Trust: 0.1
db:VULMONid:CVE-2018-19064
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-04048 // 
            
            
            
            VULHUB: VHN-129686 // 
            
            
            
            VULMON: CVE-2018-19064 // 
            
            
            
            JVNDB: JVNDB-2018-011649 // 
            
            
            
            CNNVD: CNNVD-201811-141 // 
            
            
            
            NVD: CVE-2018-19064

REFERENCES
url:https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-19064
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19064
Trust: 0.8
url:https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/521.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-04048 // 
            
            
            
            VULHUB: VHN-129686 // 
            
            
            
            VULMON: CVE-2018-19064 // 
            
            
            
            JVNDB: JVNDB-2018-011649 // 
            
            
            
            CNNVD: CNNVD-201811-141 // 
            
            
            
            NVD: CVE-2018-19064

SOURCES
db:CNVDid:CNVD-2019-04048
db:VULHUBid:VHN-129686
db:VULMONid:CVE-2018-19064
db:JVNDBid:JVNDB-2018-011649
db:CNNVDid:CNNVD-201811-141
db:NVDid:CVE-2018-19064

LAST UPDATE DATE
2024-11-23T23:11:57.987000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-04048date:2019-02-14T00:00:00
db:VULHUBid:VHN-129686date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-19064date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-011649date:2019-01-18T00:00:00
db:CNNVDid:CNNVD-201811-141date:2019-10-23T00:00:00
db:NVDid:CVE-2018-19064date:2024-11-21T03:57:15.433

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-04048date:2019-02-14T00:00:00
db:VULHUBid:VHN-129686date:2018-11-07T00:00:00
db:VULMONid:CVE-2018-19064date:2018-11-07T00:00:00
db:JVNDBid:JVNDB-2018-011649date:2019-01-18T00:00:00
db:CNNVDid:CNNVD-201811-141date:2018-11-08T00:00:00
db:NVDid:CVE-2018-19064date:2018-11-07T18:29:00.803