Lucene search
+L
FoscamC2 System Firmware

20 matches found

CVE
CVE
added 2018/11/07 6:0 p.m.80 views

CVE-2018-19081

Vulnerability summary (CVE-2018-19081) : Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128 allow remote command execution via the ONVIF devicemgmt SetDNS method, using the IPv4Address field. This is documented as an arbitrary OS command execution vulnerab...

10CVSS9.8AI score0.04969EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.56 views

CVE-2018-19076

CVE-2018-19076 affects Foscam C2 devices (System Firmware 1.11.1.8, Application Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11, Application Firmware 2.21.1.128). The issue arises because FTP and RTSP services do not enforce failed-authentication limits, making brute-force au...

9.8CVSS9.5AI score0.01852EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.56 views

CVE-2018-19082

Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128 expose a stack-based buffer overflow in ONVIF devicemgmt SetDNS when handling the IPv4Address field. The vulnerability is exploitable remotely over the network (no authentication) and can impact confidenti...

9.8CVSS9.6AI score0.02318EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.54 views

CVE-2018-19063

The CVE-2018-19063 entry concerns Foscam C2 devices (System Firmware 1.11.1.8 and Application Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11 and Application Firmware 2.21.1.128) where the admin account has a blank password. The available connected records confirm affected mo...

10CVSS9.4AI score0.01995EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.54 views

CVE-2018-19068

The CVE-2018-19068 entry concerns Foscam Opticam i5 devices running System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The vulnerability is that the CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials, suggesting an unintended access path to hidden Te...

4.9CVSS5.3AI score0.01008EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.53 views

CVE-2018-19064

The CVE-2018-19064 entry affects Foscam C2 devices (System FW 1.11.1.8; App FW 2.72.1.32) and Opticam i5 devices (System FW 1.5.2.11; App FW 2.21.1.128). The vulnerability is that the ftpuser1 account has a blank password which cannot be changed. The provided documents identify this credential is...

10CVSS9.4AI score0.01995EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.53 views

CVE-2018-19075

The CVE-2018-19075 entry concerns Foscam C2 devices (System Firmware 1.11.1.8 and Application 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11 and Application 2.21.1.128). The issue is tied to the firewall feature, where remote attackers could infer credentials and firewall rules due t...

5.3CVSS5.4AI score0.01687EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.52 views

CVE-2018-19070

The CVE refers to CVE-2018-19070 affecting Foscam C2 devices (System Firmware 1.11.1.8; Application Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11; Application Firmware 2.21.1.128). The vulnerability allows remote attackers to execute arbitrary OS commands via shell metachar...

9CVSS7.5AI score0.04437EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.52 views

CVE-2018-19077

CVE-2018-19077 affects Foscam Opticam i5 with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The vulnerability is in RtspServer, where a negative integer in the RTSP Content-Length header can be exploited remotely to cause a denial of service (daemon hang or restart). Connected doc...

7.8CVSS7.4AI score0.02187EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.52 views

CVE-2018-19078

The CVE-2018-19078 entry concerns Foscam Opticam i5 devices (System Firmware 1.5.2.11, Application Firmware 2.21.1.128). The issue is an information disclosure: the ONVIF media GetStreamUri response contains the administrator username and password. This is documented in CNVD-2018-22818 and echoed...

9.8CVSS9.3AI score0.01591EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.51 views

CVE-2018-19067

The CVE-2018-19067 entry concerns Foscam C2 devices (System Firmware 1.11.1.8 and Application Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11 and Application Firmware 2.21.1.128) that ship a hardcoded factory account password, Ak47@99. This is a credential issue relying on a ...

10CVSS9.5AI score0.02036EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.51 views

CVE-2018-19074

The CVE-2018-19074 entry concerns Foscam C2 devices (System Firmware 1.11.1.8; App FW 2.72.1.32) and Opticam i5 devices (System FW 1.5.2.11; App FW 2.21.1.128). The underlying issue is that the firewall provides minimal protection: it blocks only port 443 and partially blocks port 88, leaving oth...

7.5CVSS7.6AI score0.01292EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.49 views

CVE-2018-19071

The vulnerability CVE-2018-19071 affects Foscam C2 devices (System 1.11.1.8, App 2.72.1.32) and Opticam i5 devices (System 1.5.2.11, App 2.21.1.128): /mnt/mtd/boot.sh is world-writable (0777), enabling local users to control the commands executed at system startup. This may allow modification of ...

7.8CVSS7.6AI score0.0039EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.49 views

CVE-2018-19072

The CVE-2018-19072 entry affects Foscam C2 devices (System Firmware 1.11.1.8 and Application Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11 and Application Firmware 2.21.1.128). /mnt/mtd/app has 0777 permissions, enabling local users to replace an archive file in that direct...

5.5CVSS5.5AI score0.00347EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.48 views

CVE-2018-19073

The CVE-2018-19073 entry describes arbitrary OS command execution on Foscam C2 (System 1.11.1.8; App 2.72.1.32) and Opticam i5 (System 1.5.2.11; App 2.21.1.128) devices. Vulnerability arises from allowing shell metacharacters in the modelName by exploiting write access to /mnt/mtd/app/config/Prod...

9CVSS7.5AI score0.01946EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.47 views

CVE-2018-19065

CVE-2018-19065 affects Foscam C2 devices (System FW 1.11.1.8; App FW 2.72.1.32) and Opticam i5 devices (System FW 1.5.2.11; App FW 2.21.1.128). The issue is that the exported device configuration may be encrypted with a hardcoded password (BpP+2R9*Q) in some cases, enabling partial disclosure of ...

7.5CVSS7.6AI score0.01582EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.47 views

CVE-2018-19069

The CVE-2018-19069 entry affects Foscam C2 devices (System Firmware 1.11.1.8 and App Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11 and App Firmware 2.21.1.128). The issue involves CGIProxy.fcgi?cmd=setTelnetSwitch being authorized for the root user with the password “toor,”...

10CVSS9.5AI score0.01995EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.47 views

CVE-2018-19079

Affected product : Foscam Opticam i5 (System Firmware 1.5.2.11, Application Firmware 2.21.1.128). Vulnerability : The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot, enabling an attacker without credentials to reboot the device. Impact (as stated) : High availability impact on...

7.8CVSS7.6AI score0.01522EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.46 views

CVE-2018-19066

The CVE-2018-19066 entry concerns hardcoded credentials in device configuration handling. Affected devices include Foscam C2 (System FW 1.11.1.8 and App FW 2.72.1.32) and Opticam i5 (System FW 1.5.2.11 and App FW 2.21.1.128). The issue is that the exported device configuration is encrypted with t...

7.5CVSS7.6AI score0.01582EPSS
CVE
CVE
added 2018/11/07 6:0 p.m.46 views

CVE-2018-19080

Summary (CVE-2018-19080) : A persistent cross-site scripting vulnerability exists in the ONVIF devicemgmt SetHostname method on Foscam Opticam i5 devices (System Firmware 1.5.2.11, Application Firmware 2.21.1.128). The issue is unauthenticated and can persist in the device, enabling XSS. Affected...

6.1CVSS6.4AI score0.00886EPSS