CVE-2018-19068

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials...

CVE-2018-19070

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the...

CVE-2018-19069

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of...

Design/Logic Flaw

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials...

Design/Logic Flaw

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the...

Code injection

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of...

CVE-2018-19070

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the...

CVE-2018-19069

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of...

CVE-2018-19068

The CVE-2018-19068 entry concerns Foscam Opticam i5 devices running System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The vulnerability is that the CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials, suggesting an unintended access path to hidden Te...

CVE-2018-19069

The CVE-2018-19069 entry affects Foscam C2 devices (System Firmware 1.11.1.8 and App Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11 and App Firmware 2.21.1.128). The issue involves CGIProxy.fcgi?cmd=setTelnetSwitch being authorized for the root user with the password “toor,”...

CVE-2018-19068

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials...

CVE-2018-11560

The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100...

Stack overflow

The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100...

Foscam IP Video Camera CGIProxy.fcgi Firmware Upgrade Code Execution Vulnerability

Summary Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to th...

Foscam IP Video Camera CGIProxy.fcgi logOut Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply...

Foscam IP Video Camera CGIProxy.fcgi SoftAP Configuration Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration...

Foscam IP Video Camera CGIProxy.fcgi SMTP Test Host Parameter Configuration Command Injection Vulnerability(CVE-2017-2841)

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting...

Foscam IP Video Camera CGIProxy.fcgi Change Username pureftpd.passwd Injection Vulnerability(CVE-2017-2850)

Summary An exploitable injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username...

Foscam IP Video Camera CGIProxy.fcgi Account Password Command Injection Vulnerability(CVE-2017-2828)

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resultin...

Foscam IP Video Camera CGIProxy.fcgi Account Creation Command Injection Vulnerability(CVE-2017-2827)

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting...