Sign-up

ID

VAR-201811-0826


CVE

CVE-2018-19069


TITLE

Foscam C2 Device and Opticam i5 Vulnerabilities related to the use of hard-coded credentials on devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-011653

DESCRIPTION

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of toor. Foscam C2 Device and Opticam i5 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). There are security vulnerabilities in the FoscamC2 and Opticami5 devices that an attacker can use to control the telnetd service by sending a specially crafted HTTP request. Security vulnerabilities exist in Foscam C2 and Opticam i5 devices

Trust: 2.34

sources: NVD: CVE-2018-19069 // JVNDB: JVNDB-2018-011653 // CNVD: CNVD-2019-04047 // VULHUB: VHN-129691 // VULMON: CVE-2018-19069

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-04047

AFFECTED PRODUCTS

vendor:opticammodel:i5 applicationscope:eqversion:2.21.1.128

Trust: 2.4

vendor:opticammodel:i5 systemscope:eqversion:1.5.2.11

Trust: 2.4

vendor:foscammodel:c2 applicationscope:eqversion:2.72.1.32

Trust: 1.8

vendor:foscammodel:c2 systemscope:eqversion:1.11.1.8

Trust: 1.8

vendor:foscammodel:c2 devices with systemscope:eqversion:1.11.1.8

Trust: 0.6

vendor:foscammodel:c2 devices with applicationscope:eqversion:2.72.1.32

Trust: 0.6

vendor:foscammodel:opticam i5 devices with systemscope:eqversion:1.5.2.11

Trust: 0.6

vendor:foscammodel:opticam i5 devices with applicationscope:eqversion:2.21.1.128

Trust: 0.6

sources: CNVD: CNVD-2019-04047 // JVNDB: JVNDB-2018-011653 // CNNVD: CNNVD-201811-146 // NVD: CVE-2018-19069

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-19069
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-19069
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-04047
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201811-146
value: CRITICAL

Trust: 0.6

VULHUB: VHN-129691
value: HIGH

Trust: 0.1

VULMON: CVE-2018-19069
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-19069
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-04047
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-129691
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-19069
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-04047 // VULHUB: VHN-129691 // VULMON: CVE-2018-19069 // JVNDB: JVNDB-2018-011653 // CNNVD: CNNVD-201811-146 // NVD: CVE-2018-19069

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-129691 // JVNDB: JVNDB-2018-011653 // NVD: CVE-2018-19069

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-146

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201811-146

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011653

PATCH
title:C2url:https://www.foscam.com/C2.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-011653

EXTERNAL IDS
db:NVDid:CVE-2018-19069
Trust: 3.2
db:JVNDBid:JVNDB-2018-011653
Trust: 0.8
db:CNNVDid:CNNVD-201811-146
Trust: 0.7
db:CNVDid:CNVD-2019-04047
Trust: 0.6
db:VULHUBid:VHN-129691
Trust: 0.1
db:VULMONid:CVE-2018-19069
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-04047 // 
            
            
            
            VULHUB: VHN-129691 // 
            
            
            
            VULMON: CVE-2018-19069 // 
            
            
            
            JVNDB: JVNDB-2018-011653 // 
            
            
            
            CNNVD: CNNVD-201811-146 // 
            
            
            
            NVD: CVE-2018-19069

REFERENCES
url:https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt
Trust: 3.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19069
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19069
Trust: 0.8
url:https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/798.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-04047 // 
            
            
            
            VULHUB: VHN-129691 // 
            
            
            
            VULMON: CVE-2018-19069 // 
            
            
            
            JVNDB: JVNDB-2018-011653 // 
            
            
            
            CNNVD: CNNVD-201811-146 // 
            
            
            
            NVD: CVE-2018-19069

SOURCES
db:CNVDid:CNVD-2019-04047
db:VULHUBid:VHN-129691
db:VULMONid:CVE-2018-19069
db:JVNDBid:JVNDB-2018-011653
db:CNNVDid:CNNVD-201811-146
db:NVDid:CVE-2018-19069

LAST UPDATE DATE
2024-11-23T22:06:28.033000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-04047date:2019-02-14T00:00:00
db:VULHUBid:VHN-129691date:2018-12-11T00:00:00
db:VULMONid:CVE-2018-19069date:2018-12-11T00:00:00
db:JVNDBid:JVNDB-2018-011653date:2019-01-18T00:00:00
db:CNNVDid:CNNVD-201811-146date:2018-11-08T00:00:00
db:NVDid:CVE-2018-19069date:2024-11-21T03:57:16.190

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-04047date:2019-02-14T00:00:00
db:VULHUBid:VHN-129691date:2018-11-07T00:00:00
db:VULMONid:CVE-2018-19069date:2018-11-07T00:00:00
db:JVNDBid:JVNDB-2018-011653date:2019-01-18T00:00:00
db:CNNVDid:CNNVD-201811-146date:2018-11-08T00:00:00
db:NVDid:CVE-2018-19069date:2018-11-07T18:29:02.367