Lucene search
Frederic BassePACKETSTORM:120624HistoryMar 04, 2013 - 12:00 a.m.
Foscam Firmware 11.37.2.48 Path Traversal
2013-03-0400:00:00
Frederic Basse
packetstormsecurity.com
25
0.007 Low
EPSS
Percentile
80.3%
`[CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability
_______________________________________________________________________
Summary:
Foscam firmware <= 11.37.2.48 is prone to a path traversal
vulnerability in the embedded web interface.
The unauthenticated attacker can access to the entire filesystem and
steal web & wifi credentials.
_______________________________________________________________________
Details:
GET //../proc/kcore HTTP/1.0
____________________________________________________________________
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Confidentiality Impact: Complete
Availability Impact: Complete
_______________________________________________________________________
Disclosure Timeline:
2013-01-18 Vendor fixed the issue in fw 11.37.2.49; no security notice
2013-02-21 Vulnerability found
2013-03-01 Public advisory
_______________________________________________________________________
Solution:
A new firmware is available on vendor's site:
http://www.foscam.com/down3.aspx
_______________________________________________________________________
References:
http://code.google.com/p/bflt-utils/
http://wiki.openipcam.com/
_______________________________________________________________________
Arnaud Calmejane - Frederic Basse
`
Related
cve
cve
CVE-2013-2560
2022-10-03 16:14:59
prion
prion
Directory traversal
2013-03-15 20:55:00
nessus
nessus
Foscam 11.37.2.x < 11.37.2.49 Directory Traversal
2013-03-24 00:00:00
openvas
openvas
Foscam < 11.37.2.49 Directory Traversal Vulnerability
2013-03-15 00:00:00
nvd
nvd
CVE-2013-2560
2013-03-15 20:55:11
cvelist
cvelist
CVE-2013-2560
2022-10-03 16:14:59
securityvulns
securityvulns
Foscam cameras security vulnerabilities
2013-07-29 00:00:00