20 matches found
CVE-2018-19081
Vulnerability summary (CVE-2018-19081) : Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128 allow remote command execution via the ONVIF devicemgmt SetDNS method, using the IPv4Address field. This is documented as an arbitrary OS command execution vulnerab...
CVE-2018-19076
CVE-2018-19076 affects Foscam C2 devices (System Firmware 1.11.1.8, Application Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11, Application Firmware 2.21.1.128). The issue arises because FTP and RTSP services do not enforce failed-authentication limits, making brute-force au...
CVE-2018-19082
Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128 expose a stack-based buffer overflow in ONVIF devicemgmt SetDNS when handling the IPv4Address field. The vulnerability is exploitable remotely over the network (no authentication) and can impact confidenti...
CVE-2018-19063
The CVE-2018-19063 entry concerns Foscam C2 devices (System Firmware 1.11.1.8 and Application Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11 and Application Firmware 2.21.1.128) where the admin account has a blank password. The available connected records confirm affected mo...
CVE-2018-19068
The CVE-2018-19068 entry concerns Foscam Opticam i5 devices running System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The vulnerability is that the CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials, suggesting an unintended access path to hidden Te...
CVE-2018-19064
The CVE-2018-19064 entry affects Foscam C2 devices (System FW 1.11.1.8; App FW 2.72.1.32) and Opticam i5 devices (System FW 1.5.2.11; App FW 2.21.1.128). The vulnerability is that the ftpuser1 account has a blank password which cannot be changed. The provided documents identify this credential is...
CVE-2018-19075
The CVE-2018-19075 entry concerns Foscam C2 devices (System Firmware 1.11.1.8 and Application 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11 and Application 2.21.1.128). The issue is tied to the firewall feature, where remote attackers could infer credentials and firewall rules due t...
CVE-2018-19070
The CVE refers to CVE-2018-19070 affecting Foscam C2 devices (System Firmware 1.11.1.8; Application Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11; Application Firmware 2.21.1.128). The vulnerability allows remote attackers to execute arbitrary OS commands via shell metachar...
CVE-2018-19077
CVE-2018-19077 affects Foscam Opticam i5 with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The vulnerability is in RtspServer, where a negative integer in the RTSP Content-Length header can be exploited remotely to cause a denial of service (daemon hang or restart). Connected doc...
CVE-2018-19078
The CVE-2018-19078 entry concerns Foscam Opticam i5 devices (System Firmware 1.5.2.11, Application Firmware 2.21.1.128). The issue is an information disclosure: the ONVIF media GetStreamUri response contains the administrator username and password. This is documented in CNVD-2018-22818 and echoed...
CVE-2018-19067
The CVE-2018-19067 entry concerns Foscam C2 devices (System Firmware 1.11.1.8 and Application Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11 and Application Firmware 2.21.1.128) that ship a hardcoded factory account password, Ak47@99. This is a credential issue relying on a ...
CVE-2018-19074
The CVE-2018-19074 entry concerns Foscam C2 devices (System Firmware 1.11.1.8; App FW 2.72.1.32) and Opticam i5 devices (System FW 1.5.2.11; App FW 2.21.1.128). The underlying issue is that the firewall provides minimal protection: it blocks only port 443 and partially blocks port 88, leaving oth...
CVE-2018-19071
The vulnerability CVE-2018-19071 affects Foscam C2 devices (System 1.11.1.8, App 2.72.1.32) and Opticam i5 devices (System 1.5.2.11, App 2.21.1.128): /mnt/mtd/boot.sh is world-writable (0777), enabling local users to control the commands executed at system startup. This may allow modification of ...
CVE-2018-19072
The CVE-2018-19072 entry affects Foscam C2 devices (System Firmware 1.11.1.8 and Application Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11 and Application Firmware 2.21.1.128). /mnt/mtd/app has 0777 permissions, enabling local users to replace an archive file in that direct...
CVE-2018-19073
The CVE-2018-19073 entry describes arbitrary OS command execution on Foscam C2 (System 1.11.1.8; App 2.72.1.32) and Opticam i5 (System 1.5.2.11; App 2.21.1.128) devices. Vulnerability arises from allowing shell metacharacters in the modelName by exploiting write access to /mnt/mtd/app/config/Prod...
CVE-2018-19065
CVE-2018-19065 affects Foscam C2 devices (System FW 1.11.1.8; App FW 2.72.1.32) and Opticam i5 devices (System FW 1.5.2.11; App FW 2.21.1.128). The issue is that the exported device configuration may be encrypted with a hardcoded password (BpP+2R9*Q) in some cases, enabling partial disclosure of ...
CVE-2018-19069
The CVE-2018-19069 entry affects Foscam C2 devices (System Firmware 1.11.1.8 and App Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11 and App Firmware 2.21.1.128). The issue involves CGIProxy.fcgi?cmd=setTelnetSwitch being authorized for the root user with the password “toor,”...
CVE-2018-19079
Affected product : Foscam Opticam i5 (System Firmware 1.5.2.11, Application Firmware 2.21.1.128). Vulnerability : The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot, enabling an attacker without credentials to reboot the device. Impact (as stated) : High availability impact on...
CVE-2018-19066
The CVE-2018-19066 entry concerns hardcoded credentials in device configuration handling. Affected devices include Foscam C2 (System FW 1.11.1.8 and App FW 2.72.1.32) and Opticam i5 (System FW 1.5.2.11 and App FW 2.21.1.128). The issue is that the exported device configuration is encrypted with t...
CVE-2018-19080
Summary (CVE-2018-19080) : A persistent cross-site scripting vulnerability exists in the ONVIF devicemgmt SetHostname method on Foscam Opticam i5 devices (System Firmware 1.5.2.11, Application Firmware 2.21.1.128). The issue is unauthenticated and can persist in the device, enabling XSS. Affected...