3 matches found
Foscam IP Video Camera CGIProxy.fcgi Account Creation Command Injection Vulnerability(CVE-2017-2827)
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting...
CVE-2017-2827
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in...
CVE-2017-2827
The CVE-2017-2827 issue affects Foscam C1 Indoor HD Cameras via the CGIProxy.fcgi service in the web management interface. An account creation command (addAccount) accepts usrName, usrPwd, and privilege (required to be 2) and passes these to FTPconfigUser, which builds a shell command: sh /usr/bi...