219 matches found
HPSBHF03604 rev. 2 - Intel Xeon® Platform Firmware Included Unsecure Handling of Certain UEFI Variables
Potential Security Impact Escalation of Privilege, Denial of Service. Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Insecure handling of UEFI variables in Intel® Xeon® Scalable processors, Intel® Xeon® Processor E5 v4 Family, Intel® Xeon® Processor E5...
Input validation
Improper setting of device configuration in system firmware for IntelR NUC kits may allow a privileged user to potentially enable escalation of privilege via physical access...
CVE-2018-20575
Orange Livebox 00.96.320S devices have an undocumented /systemfirmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2...
CVE-2018-19068
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials...
CVE-2018-19068
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials...
CVE-2018-19066
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded Pxift password in some cases...
Design/Logic Flaw
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials...
Default credentials
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password...
Cross site scripting
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS...
Hardcoded credentials
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded BpP+2R9Q password in some case...
Hardcoded credentials
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded Pxift password in some cases...
Code injection
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of...
Design/Logic Flaw
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. RtspServer allows remote attackers to cause a denial of service daemon hang or restart via a negative integer in the RTSP Content-Length header...
Design/Logic Flaw
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName,...
CVE-2018-19074
The CVE-2018-19074 entry concerns Foscam C2 devices (System Firmware 1.11.1.8; App FW 2.72.1.32) and Opticam i5 devices (System FW 1.5.2.11; App FW 2.21.1.128). The underlying issue is that the firewall provides minimal protection: it blocks only port 443 and partially blocks port 88, leaving oth...
CVE-2018-19077
CVE-2018-19077 affects Foscam Opticam i5 with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The vulnerability is in RtspServer, where a negative integer in the RTSP Content-Length header can be exploited remotely to cause a denial of service (daemon hang or restart). Connected doc...
CVE-2018-19076
CVE-2018-19076 affects Foscam C2 devices (System Firmware 1.11.1.8, Application Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11, Application Firmware 2.21.1.128). The issue arises because FTP and RTSP services do not enforce failed-authentication limits, making brute-force au...
CVE-2018-19068
The CVE-2018-19068 entry concerns Foscam Opticam i5 devices running System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The vulnerability is that the CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials, suggesting an unintended access path to hidden Te...
CVE-2018-19079
Affected product : Foscam Opticam i5 (System Firmware 1.5.2.11, Application Firmware 2.21.1.128). Vulnerability : The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot, enabling an attacker without credentials to reboot the device. Impact (as stated) : High availability impact on...
CVE-2018-19063
The CVE-2018-19063 entry concerns Foscam C2 devices (System Firmware 1.11.1.8 and Application Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11 and Application Firmware 2.21.1.128) where the admin account has a blank password. The available connected records confirm affected mo...