Details of VAR-201811-0825

ID

VAR-201811-0825

CVE

CVE-2018-19068

TITLE

Foscam Opticam i5 Vulnerabilities related to security functions in device system firmware and application firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-011913

DESCRIPTION

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials. FoscamOptiCami5 is an IP camera from China Foscam. There are security vulnerabilities in FoscamOpticami5deviceswithSystemFirmware1.5.2.11 and ApplicationFirmware2.21.1.128. An attacker could exploit this vulnerability to control the device

Trust: 2.25

sources: NVD: CVE-2018-19068 // JVNDB: JVNDB-2018-011913 // CNVD: CNVD-2018-22816 // VULHUB: VHN-129690

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-22816

AFFECTED PRODUCTS

vendor:	opticam	model:	i5 application	scope:	eq	version:	2.21.1.128	Trust: 2.4
vendor:	opticam	model:	i5 system	scope:	eq	version:	1.5.2.11	Trust: 2.4
vendor:	foscam	model:	c2 application	scope:	eq	version:	2.72.1.32	Trust: 1.0
vendor:	foscam	model:	c2 system	scope:	eq	version:	1.11.1.8	Trust: 1.0
vendor:	foscam	model:	c2 application	scope:	-	version:	-	Trust: 0.8
vendor:	foscam	model:	c2 system	scope:	-	version:	-	Trust: 0.8
vendor:	foscam	model:	opticam i5 application	scope:	eq	version:	2.21.1.128	Trust: 0.6
vendor:	foscam	model:	opticam i5 system	scope:	eq	version:	1.5.2.11	Trust: 0.6

sources: CNVD: CNVD-2018-22816 // JVNDB: JVNDB-2018-011913 // CNNVD: CNNVD-201811-145 // NVD: CVE-2018-19068

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19068
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-19068
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-22816
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201811-145
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-129690
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-19068
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-22816
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-129690
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-19068
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-22816 // VULHUB: VHN-129690 // JVNDB: JVNDB-2018-011913 // CNNVD: CNNVD-201811-145 // NVD: CVE-2018-19068

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-254	Trust: 0.9

sources: VULHUB: VHN-129690 // JVNDB: JVNDB-2018-011913 // NVD: CVE-2018-19068

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-145

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201811-145

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011913

PATCH

title:

url:

https://www.foscam.com/C2.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-011913

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19068	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-011913	Trust: 0.8
db:	CNNVD	id:	CNNVD-201811-145	Trust: 0.7
db:	CNVD	id:	CNVD-2018-22816	Trust: 0.6
db:	VULHUB	id:	VHN-129690	Trust: 0.1

sources: CNVD: CNVD-2018-22816 // VULHUB: VHN-129690 // JVNDB: JVNDB-2018-011913 // CNNVD: CNNVD-201811-145 // NVD: CVE-2018-19068

REFERENCES

url:	https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt	Trust: 3.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19068	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19068	Trust: 0.8
url:	https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera	Trust: 0.8

sources: CNVD: CNVD-2018-22816 // VULHUB: VHN-129690 // JVNDB: JVNDB-2018-011913 // CNNVD: CNNVD-201811-145 // NVD: CVE-2018-19068

SOURCES

db:	CNVD	id:	CNVD-2018-22816
db:	VULHUB	id:	VHN-129690
db:	JVNDB	id:	JVNDB-2018-011913
db:	CNNVD	id:	CNNVD-201811-145
db:	NVD	id:	CVE-2018-19068

LAST UPDATE DATE

2024-11-23T22:37:58.017000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-22816	date:	2018-11-09T00:00:00
db:	VULHUB	id:	VHN-129690	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-011913	date:	2019-01-24T00:00:00
db:	CNNVD	id:	CNNVD-201811-145	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-19068	date:	2024-11-21T03:57:16.030

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-22816	date:	2018-11-09T00:00:00
db:	VULHUB	id:	VHN-129690	date:	2018-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-011913	date:	2019-01-24T00:00:00
db:	CNNVD	id:	CNNVD-201811-145	date:	2018-11-08T00:00:00
db:	NVD	id:	CVE-2018-19068	date:	2018-11-07T18:29:02.100