219 matches found
CVE-2018-19073
The CVE-2018-19073 entry describes arbitrary OS command execution on Foscam C2 (System 1.11.1.8; App 2.72.1.32) and Opticam i5 (System 1.5.2.11; App 2.21.1.128) devices. Vulnerability arises from allowing shell metacharacters in the modelName by exploiting write access to /mnt/mtd/app/config/Prod...
CVE-2018-19079
Affected product : Foscam Opticam i5 (System Firmware 1.5.2.11, Application Firmware 2.21.1.128). Vulnerability : The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot, enabling an attacker without credentials to reboot the device. Impact (as stated) : High availability impact on...
CVE-2018-19063
The CVE-2018-19063 entry concerns Foscam C2 devices (System Firmware 1.11.1.8 and Application Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11 and Application Firmware 2.21.1.128) where the admin account has a blank password. The available connected records confirm affected mo...
CVE-2018-19082
Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128 expose a stack-based buffer overflow in ONVIF devicemgmt SetDNS when handling the IPv4Address field. The vulnerability is exploitable remotely over the network (no authentication) and can impact confidenti...
CVE-2018-19081
Vulnerability summary (CVE-2018-19081) : Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128 allow remote command execution via the ONVIF devicemgmt SetDNS method, using the IPv4Address field. This is documented as an arbitrary OS command execution vulnerab...
CVE-2018-19070
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the...
CVE-2018-19068
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials...
CVE-2018-19078
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password...
System firmware Can Be Erased or Corrupted After Boot - US
Lenovo Security Advisory: LEN-16445 Potential Impact: An attacker could manipulate the vulnerability to prevent a system from booting, to cause it to operate in an unusual way, or execute arbitrary code during the system boot sequence. Severity: High Scope of Impact: Industry-wide CVE Identifier:...
CHIPSEC - Platform Security Assessment Framework
CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware BIOS/UEFI, and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and...
CVE-2018-3612
Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode SMM...
CVE-2017-5722
CVE-2017-5722 corresponds to an Intel NUC BIOS/system firmware issue: incorrect policy enforcement allows local or physical attackers to bypass integrity protections by manipulating firmware storage on NUC7i3/5/7 BN0049 and below. The vulnerability is discussed alongside related BIOS security iss...
CVE-2017-5721
Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory...
CVE-2017-5701
Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery...
CVE-2017-5700
Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage...
CVE-2017-5721
CVE-2017-5721 is the Intel NUC system firmware SMM Privilege Elevation vulnerability described in the Intel advisory INTEL-SA-00084. The issue stems from insufficient input validation in the system firmware that can allow a local attacker to execute arbitrary code by manipulating memory. Affected...
Foscam IP Video Camera CGIProxy.fcgi SMTP Test Host Parameter Configuration Command Injection Vulnerability(CVE-2017-2841)
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting...
CVE-2017-5691
Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state...
Design/Logic Flaw
Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state...
CVE-2017-5691
CVE-2017-5691 covers an incorrect check in Intel processors (6th/7th Gen Core, Xeon E3-1500M v5/v6, E3-1200 v5/v6) that can allow a compromised system firmware to impact Intel SGX via an incorrect early system state. Public sources identify the affected hardware and provide remediation guidance. ...