Lucene search

[email protected]CVE-2017-2871

HistoryApr 17, 2018 - 8:29 p.m.

CVE-2017-2871

2018-04-1720:29:00

CWE-287

[email protected]

web.nvd.nist.gov

security

foscam

indoor

hd camera

firmware

vulnerability

cve-2017-2871

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.8%

JSON

Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery using a custom image.

CPENameOperatorVersion
foscam:c1_firmwarefoscam c1 firmwareeq2.52.2.43

CPE	Name	Operator	Version
foscam:c1_firmware	foscam c1 firmware	eq	2.52.2.43

References

talosintelligence.com/vulnerability_reports/TALOS-2017-0378

Social References

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.8%

JSON

Related for CVE-2017-2871

talosblog1 seebug1 prion1 talos1