Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    168 vulnerabilities by Foscam

    CVE-2019-25437 (GCVE-0-2019-25437)

    Vulnerability from nvd – Published: 2026-02-20 22:54 – Updated: 2026-04-07 14:04
    VLAI
    Title
    Foscam Video Management System 1.1.6.6 Buffer Overflow Denial of Service
    Summary
    Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 5000-character buffer into the UID parameter during device addition to trigger an application crash when the Login Check function is invoked.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Date Public
    2019-10-09 00:00
    Credits
    Alessandro Magnosi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-25437",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T15:29:27.231573Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-24T15:29:50.923Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Foscam Video Management System",
              "vendor": "Foscam",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.6.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alessandro Magnosi"
            }
          ],
          "datePublic": "2019-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 5000-character buffer into the UID parameter during device addition to trigger an application crash when the Login Check function is invoked."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T14:04:02.352Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-47478",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/47478"
            },
            {
              "name": "Official Product Homepage",
              "tags": [
                "product"
              ],
              "url": "https://www.foscam.com/"
            },
            {
              "name": "VulnCheck Advisory: Foscam Video Management System 1.1.6.6 Buffer Overflow Denial of Service",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/foscam-video-management-system-buffer-overflow-denial-of-service"
            }
          ],
          "title": "Foscam Video Management System 1.1.6.6 Buffer Overflow Denial of Service",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2019-25437",
        "datePublished": "2026-02-20T22:54:50.198Z",
        "dateReserved": "2026-02-19T22:17:56.245Z",
        "dateUpdated": "2026-04-07T14:04:02.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2019-25437 (GCVE-0-2019-25437)

    Vulnerability from cvelistv5 – Published: 2026-02-20 22:54 – Updated: 2026-04-07 14:04
    VLAI
    Title
    Foscam Video Management System 1.1.6.6 Buffer Overflow Denial of Service
    Summary
    Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 5000-character buffer into the UID parameter during device addition to trigger an application crash when the Login Check function is invoked.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Date Public
    2019-10-09 00:00
    Credits
    Alessandro Magnosi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-25437",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T15:29:27.231573Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-24T15:29:50.923Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Foscam Video Management System",
              "vendor": "Foscam",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.6.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alessandro Magnosi"
            }
          ],
          "datePublic": "2019-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 5000-character buffer into the UID parameter during device addition to trigger an application crash when the Login Check function is invoked."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T14:04:02.352Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-47478",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/47478"
            },
            {
              "name": "Official Product Homepage",
              "tags": [
                "product"
              ],
              "url": "https://www.foscam.com/"
            },
            {
              "name": "VulnCheck Advisory: Foscam Video Management System 1.1.6.6 Buffer Overflow Denial of Service",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/foscam-video-management-system-buffer-overflow-denial-of-service"
            }
          ],
          "title": "Foscam Video Management System 1.1.6.6 Buffer Overflow Denial of Service",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2019-25437",
        "datePublished": "2026-02-20T22:54:50.198Z",
        "dateReserved": "2026-02-19T22:17:56.245Z",
        "dateUpdated": "2026-04-07T14:04:02.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-201809-0073

    Vulnerability from variot - Updated: 2024-02-13 22:51

    An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam. An information disclosure vulnerability exists in FoscamC1IndoorHDCamera

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0073",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "c1",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "foscam",
            "version": "2.52.2.43"
          },
          {
            "model": "system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.9.3.18"
          },
          {
            "model": "indoor ip camera c1 plug-in",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "3.3.0.26"
          },
          {
            "model": "indoor ip camera c1 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.52.2.43"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34266"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-759"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2874"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c1_firmware:2.52.2.43:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c1:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2874"
          }
        ]
      },
      "cve": "CVE-2017-2874",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-2874",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-34266",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-111077",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-2874",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2874",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-2874",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-34266",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-759",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-111077",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-2874",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111077"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2874"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-759"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2874"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2874"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam. An information disclosure vulnerability exists in FoscamC1IndoorHDCamera",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2874"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014280"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-34266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111077"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2874"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2874",
            "trust": 3.2
          },
          {
            "db": "TALOS",
            "id": "TALOS-2017-0381",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014280",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-759",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-34266",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96854",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-111077",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2874",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111077"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2874"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-759"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2874"
          }
        ]
      },
      "id": "VAR-201809-0073",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111077"
          }
        ],
        "trust": 1.6761904666666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34266"
          }
        ]
      },
      "last_update_date": "2024-02-13T22:51:36.550000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.foscam.com/downloads/index.html"
          },
          {
            "title": "FoscamIPVideoCamera Information Disclosure Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/106252"
          },
          {
            "title": "Foscam C1 Indoor HD Camera Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84928"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34266"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-759"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-200",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-111077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014280"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2874"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0381"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2874"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2874"
          },
          {
            "trust": 0.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0381"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111077"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2874"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-759"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2874"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111077"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2874"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-759"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2874"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-34266"
          },
          {
            "date": "2018-09-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111077"
          },
          {
            "date": "2018-09-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2874"
          },
          {
            "date": "2018-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014280"
          },
          {
            "date": "2018-09-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-759"
          },
          {
            "date": "2018-09-17T18:29:00.263000",
            "db": "NVD",
            "id": "CVE-2017-2874"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-34266"
          },
          {
            "date": "2018-11-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111077"
          },
          {
            "date": "2022-06-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2874"
          },
          {
            "date": "2018-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014280"
          },
          {
            "date": "2022-06-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-759"
          },
          {
            "date": "2022-06-07T17:25:54.143000",
            "db": "NVD",
            "id": "CVE-2017-2874"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-759"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C1 Indoor HD Camera Vulnerable to information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014280"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-759"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201706-0496

    Vulnerability from variot - Updated: 2024-02-05 22:52

    An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. The FoscamIndoorIPCameraC1Series is a C1 series wireless IP camera from Foscam, China. Foscam IP Video Camera is prone to multiple command-injection vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary commands in context of the affected device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0496",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "c1 indoor hd camera",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "foscam",
            "version": "2.52.2.37"
          },
          {
            "model": "ip video camera",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "foscam",
            "version": "1.9.3.17"
          },
          {
            "model": "ip video camera",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "foscam",
            "version": "2.0.2.43"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-12600"
          },
          {
            "db": "BID",
            "id": "99184"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005186"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-1123"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2841"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c1_indoor_hd_camera_firmware:2.52.2.37:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c1_indoor_hd_camera:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2841"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cory Duplantis, Claudio Bozzato and another member of Cisco Talos.",
        "sources": [
          {
            "db": "BID",
            "id": "99184"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-2841",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-2841",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-12600",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-111044",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-2841",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2841",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-2841",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-12600",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-1123",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-111044",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-2841",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-12600"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111044"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005186"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-1123"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2841"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2841"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. The FoscamIndoorIPCameraC1Series is a C1 series wireless IP camera from Foscam, China. Foscam IP Video Camera is prone to multiple command-injection vulnerabilities. \nExploiting these issues could allow an attacker to execute arbitrary commands in context of the affected device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005186"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12600"
          },
          {
            "db": "BID",
            "id": "99184"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111044"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2841"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2841",
            "trust": 3.5
          },
          {
            "db": "TALOS",
            "id": "TALOS-2017-0343",
            "trust": 3.2
          },
          {
            "db": "BID",
            "id": "99184",
            "trust": 2.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005186",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-1123",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12600",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96494",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-111044",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2841",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-12600"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111044"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2841"
          },
          {
            "db": "BID",
            "id": "99184"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005186"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-1123"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2841"
          }
        ]
      },
      "id": "VAR-201706-0496",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-12600"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111044"
          }
        ],
        "trust": 1.3964285699999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-12600"
          }
        ]
      },
      "last_update_date": "2024-02-05T22:52:18.435000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.foscam.com/"
          },
          {
            "title": "Patch for FoscamIndoorIPCameraC1Series command injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/97214"
          },
          {
            "title": "Foscam Indoor IP Camera C1 Series Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71317"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-12600"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005186"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-1123"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-77",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-111044"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005186"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2841"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0343"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/99184"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2841"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2841"
          },
          {
            "trust": 0.6,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0343"
          },
          {
            "trust": 0.3,
            "url": "http://www.foscam.com/"
          },
          {
            "trust": 0.3,
            "url": "http://blog.talosintelligence.com/2017/06/foscam-vuln-details.html"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=54236"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-12600"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111044"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2841"
          },
          {
            "db": "BID",
            "id": "99184"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005186"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-1123"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2841"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-12600"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111044"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2841"
          },
          {
            "db": "BID",
            "id": "99184"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005186"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-1123"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2841"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-12600"
          },
          {
            "date": "2017-06-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111044"
          },
          {
            "date": "2017-06-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2841"
          },
          {
            "date": "2017-06-19T00:00:00",
            "db": "BID",
            "id": "99184"
          },
          {
            "date": "2017-07-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005186"
          },
          {
            "date": "2017-06-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-1123"
          },
          {
            "date": "2017-06-27T15:29:00.177000",
            "db": "NVD",
            "id": "CVE-2017-2841"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-12600"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111044"
          },
          {
            "date": "2022-06-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2841"
          },
          {
            "date": "2017-06-19T00:00:00",
            "db": "BID",
            "id": "99184"
          },
          {
            "date": "2017-07-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005186"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-1123"
          },
          {
            "date": "2022-06-07T17:27:50.587000",
            "db": "NVD",
            "id": "CVE-2017-2841"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-1123"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C1 Indoor HD Camera  Web Command injection vulnerability in management interface",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005186"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-1123"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0738

    Vulnerability from variot - Updated: 2023-12-26 22:55

    An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. RtspServer allows remote attackers to cause a denial of service (daemon hang or restart) via a negative integer in the RTSP Content-Length header. FoscamOpticami5 is an IP camera from Foscom (FOSCAM)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0738",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 application",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "c2 system",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "opticam i5 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          },
          {
            "model": "opticam i5 system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19077"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19077"
          }
        ]
      },
      "cve": "CVE-2018-19077",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-19077",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-22817",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-129700",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-19077",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19077",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-22817",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-154",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129700",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19077",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129700"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19077"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. RtspServer allows remote attackers to cause a denial of service (daemon hang or restart) via a negative integer in the RTSP Content-Length header. FoscamOpticami5 is an IP camera from Foscom (FOSCAM)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129700"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19077"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19077",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-154",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129700",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19077",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129700"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19077"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          }
        ]
      },
      "id": "VAR-201811-0738",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129700"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          }
        ]
      },
      "last_update_date": "2023-12-26T22:55:15.849000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/c2.html"
          },
          {
            "title": "https://github.com/Samsung/cotopaxi",
            "trust": 0.1,
            "url": "https://github.com/samsung/cotopaxi "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-19077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129700"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19077"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19077"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19077"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/125.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/samsung/cotopaxi"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129700"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19077"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129700"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19077"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129700"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19077"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "date": "2018-11-07T18:29:05.383000",
            "db": "NVD",
            "id": "CVE-2018-19077"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129700"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19077"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "date": "2018-12-13T15:51:21.727000",
            "db": "NVD",
            "id": "CVE-2018-19077"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam Opticam i5 Out-of-bounds reading vulnerability in device system firmware and application firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201809-0070

    Vulnerability from variot - Updated: 2023-12-18 14:05

    An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam. DDNSclient is one of the dynamic domain name service clients

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0070",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "c1",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "foscam",
            "version": "2.52.2.43"
          },
          {
            "model": "system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.9.3.18"
          },
          {
            "model": "indoor ip camera c1 plug-in",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "3.3.0.26"
          },
          {
            "model": "indoor ip camera c1 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.52.2.43"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014273"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2857"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-423"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c1_firmware:2.52.2.43:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c1:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2857"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Claudio Bozzato of Cisco Talos",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-423"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2017-2857",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2017-2857",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2017-34263",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-111060",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-2857",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2857",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-2857",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-34263",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-423",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-111060",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34263"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014273"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2857"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2857"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-423"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam. DDNSclient is one of the dynamic domain name service clients",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2857"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014273"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-34263"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111060"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TALOS",
            "id": "TALOS-2017-0360",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2857",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014273",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-423",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-34263",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96858",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-111060",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34263"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014273"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2857"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-423"
          }
        ]
      },
      "id": "VAR-201809-0070",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34263"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111060"
          }
        ],
        "trust": 1.6761904666666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34263"
          }
        ]
      },
      "last_update_date": "2023-12-18T14:05:20.421000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.foscam.com/downloads/index.html"
          },
          {
            "title": "Patch for FoscamC1IndoorHDCameraDDNS Client Buffer Overflow Vulnerability (CNVD-2017-34263)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/106249"
          },
          {
            "title": "Foscam C1 Indoor HD Camera DDNS Fixes for client buffer error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76291"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014273"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-423"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-111060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014273"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2857"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0360"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2857"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2857"
          },
          {
            "trust": 0.6,
            "url": "https://www.talosintelligence.com/reports/talos-2017-0360/"
          },
          {
            "trust": 0.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0360"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34263"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014273"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2857"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-423"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34263"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014273"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2857"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-423"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-34263"
          },
          {
            "date": "2018-09-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111060"
          },
          {
            "date": "2018-12-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014273"
          },
          {
            "date": "2018-09-17T20:29:00.650000",
            "db": "NVD",
            "id": "CVE-2017-2857"
          },
          {
            "date": "2017-11-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-423"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-34263"
          },
          {
            "date": "2018-11-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111060"
          },
          {
            "date": "2018-12-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014273"
          },
          {
            "date": "2022-06-07T17:26:07.247000",
            "db": "NVD",
            "id": "CVE-2017-2857"
          },
          {
            "date": "2022-06-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-423"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-423"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C1 Indoor HD Camera Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014273"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-423"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0737

    Vulnerability from variot - Updated: 2023-12-18 14:05

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP). Foscam C2 Device and Opticam i5 The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). A violent authentication attack vulnerability exists in the FoscamC2 and Opticami5 devices, which can be exploited by remote attackers to enforce brute force attacks. Security vulnerabilities exist in Foscam C2 and Opticam i5 devices

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0737",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19076"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19076"
          }
        ]
      },
      "cve": "CVE-2018-19076",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-19076",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-04042",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-129699",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-19076",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19076",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04042",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-153",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129699",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19076"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP). Foscam C2 Device and Opticam i5 The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). A violent authentication attack vulnerability exists in the FoscamC2 and Opticami5 devices, which can be exploited by remote attackers to enforce brute force attacks. Security vulnerabilities exist in Foscam C2 and Opticam i5 devices",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19076"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129699"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19076",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-153",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129699",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19076"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          }
        ]
      },
      "id": "VAR-201811-0737",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129699"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          }
        ]
      },
      "last_update_date": "2023-12-18T14:05:17.905000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/c2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19076"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19076"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19076"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19076"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19076"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129699"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "date": "2018-11-07T18:29:05.070000",
            "db": "NVD",
            "id": "CVE-2018-19076"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129699"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "date": "2018-12-11T15:45:12.333000",
            "db": "NVD",
            "id": "CVE-2018-19076"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Authentication vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0821

    Vulnerability from variot - Updated: 2023-12-18 14:05

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed. Foscam C2 Device and Opticam i5 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An encryption vulnerability exists in the FoscamC2 and Opticami5 devices. The vulnerability stems from the use of a null password (not modifiable) on the ftpuser1 account, which an attacker can use to control the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0821",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19064"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19064"
          }
        ]
      },
      "cve": "CVE-2018-19064",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2018-19064",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-04048",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-129686",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-19064",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19064",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04048",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-141",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129686",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19064",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129686"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19064"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed. Foscam C2 Device and Opticam i5 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An encryption vulnerability exists in the FoscamC2 and Opticami5 devices. The vulnerability stems from the use of a null password (not modifiable) on the ftpuser1 account, which an attacker can use to control the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129686"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19064"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19064",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-141",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129686",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19064",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129686"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19064"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          }
        ]
      },
      "id": "VAR-201811-0821",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129686"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          }
        ]
      },
      "last_update_date": "2023-12-18T14:05:17.815000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/c2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-521",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129686"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19064"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19064"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19064"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/521.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129686"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19064"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129686"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19064"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129686"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19064"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "date": "2018-11-07T18:29:00.803000",
            "db": "NVD",
            "id": "CVE-2018-19064"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129686"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19064"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2018-19064"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Vulnerabilities related to certificate and password management in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0734

    Vulnerability from variot - Updated: 2023-12-18 14:01

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access. Foscam C2 Device and Opticam i5 The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Foscam C2 and Opticam i5 are both IP camera products of China Foscam

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0734",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19073"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19073"
          }
        ]
      },
      "cve": "CVE-2018-19073",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2018-19073",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2019-04045",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-129696",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-19073",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19073",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04045",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-150",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129696",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19073"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access. Foscam C2 Device and Opticam i5 The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Foscam C2 and Opticam i5 are both IP camera products of China Foscam",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19073"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129696"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19073",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129696",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19073"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          }
        ]
      },
      "id": "VAR-201811-0734",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129696"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          }
        ]
      },
      "last_update_date": "2023-12-18T14:01:03.385000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/c2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19073"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19073"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19073"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19073"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19073"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129696"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "date": "2018-11-07T18:29:03.930000",
            "db": "NVD",
            "id": "CVE-2018-19073"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129696"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "date": "2018-12-11T14:49:30.477000",
            "db": "NVD",
            "id": "CVE-2018-19073"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 and Opticam i5 Operating System Command Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201807-2160

    Vulnerability from variot - Updated: 2023-12-18 13:52

    The setSystemTime function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote authenticated users to execute arbitrary commands via a ';' in the ntpServer argument. NOTE: this issue exists because of an incomplete fix for CVE-2017-2849. plural Foscam The camera contains a command injection vulnerability. This vulnerability CVE-2017-2849 Due to an incomplete fix.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Foscomm (FOSCAM) is a safe living brand under the Shenzhen Foscom Intelligent Technology Co., Ltd., covering network video surveillance products (webcam, hard disk recorder, monitoring kit), video cloud storage services. The Foscom Foscam camera has a command injection vulnerability that stems from an attacker gaining administrator credentials that can be exploited as the root user to perform privilege escalation. are network camera products of China Foscam (FOSCAM) company. A security vulnerability exists in the 'setSystemTime' function in several Foscam Cameras products. A remote attacker can use the ';' in the ntpServer parameter to exploit this vulnerability to execute arbitrary commands

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201807-2160",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fi9831w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.11.1.120"
          },
          {
            "model": "fi9828p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.11.1.133"
          },
          {
            "model": "fi9805p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.14.1.120"
          },
          {
            "model": "fi9800p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.54.2.47"
          },
          {
            "model": "fi9900ep",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.74.1.59"
          },
          {
            "model": "fi9826p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.11.1.120"
          },
          {
            "model": "c1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.82.2.33"
          },
          {
            "model": "fi9803ep",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.22.2.31"
          },
          {
            "model": "fi9828p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.13.1.120"
          },
          {
            "model": "fi9800p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.81.2.33"
          },
          {
            "model": "fi9901ep",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.74.1.59"
          },
          {
            "model": "fi9826w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.11.1.120"
          },
          {
            "model": "fi9821p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.81.2.33"
          },
          {
            "model": "c2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.72.1.59"
          },
          {
            "model": "fi9803p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.24.2.31"
          },
          {
            "model": "fi9815p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.51.2.47"
          },
          {
            "model": "fi9851p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.54.2.47"
          },
          {
            "model": "fi9853ep",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.22.2.31"
          },
          {
            "model": "fi9805e",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.14.1.120"
          },
          {
            "model": "c1 lite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.52.2.47"
          },
          {
            "model": "fi9831p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.81.2.33"
          },
          {
            "model": "fi9816p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.51.2.47"
          },
          {
            "model": "fi9821ep",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.81.2.33"
          },
          {
            "model": "r2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.71.1.59"
          },
          {
            "model": "fi9804w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.14.1.120"
          },
          {
            "model": "fi9821p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.21.2.31"
          },
          {
            "model": "fi9928p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.74.1.58"
          },
          {
            "model": "fi9900p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.74.1.59"
          },
          {
            "model": "fi9961ep",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.72.1.59"
          },
          {
            "model": "fi9831p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.21.2.31"
          },
          {
            "model": "fi9821ep",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.21.2.31"
          },
          {
            "model": "fi9821p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.11.1.120"
          },
          {
            "model": "fi9803p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.54.2.47"
          },
          {
            "model": "fi9821w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.11.1.120"
          },
          {
            "model": "fi9826p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.81.2.33"
          },
          {
            "model": "c1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.52.2.47"
          },
          {
            "model": "r4",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.71.1.59"
          },
          {
            "model": "fi9831p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.11.1.120"
          },
          {
            "model": "c1 lite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.82.2.33"
          },
          {
            "model": "fi9828w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.13.1.120"
          },
          {
            "model": "fi9804p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.14.1.120"
          },
          {
            "model": "fi9818w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.13.2.120"
          },
          {
            "model": "fi9851p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.24.2.31"
          },
          {
            "model": "fi9826p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.21.2.31"
          },
          {
            "model": "fi9805w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.14.1.120"
          },
          {
            "model": "c1 lite",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "c1",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "c2",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "fi9800p",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "fi9900p",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "r2",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "r4",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "foscam",
            "scope": null,
            "trust": 0.6,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "fi9804w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.14.1.120"
          },
          {
            "model": "fi9805w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.14.1.120"
          },
          {
            "model": "fi9828p",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.13.1.120"
          },
          {
            "model": "fi9804p",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.14.1.120"
          },
          {
            "model": "fi9828w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.13.1.120"
          },
          {
            "model": "fi9805p",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.14.1.120"
          },
          {
            "model": "fi9828p",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.11.1.133"
          },
          {
            "model": "fi9805e",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.14.1.120"
          },
          {
            "model": "fi9826p",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.11.1.120"
          },
          {
            "model": "fi9818w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.13.2.120"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008030"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6831"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-496"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c1_lite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.82.2.33",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c1_lite:3:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c1_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.82.2.33",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c1:3:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9800p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.81.2.33",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9800p:3:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9821ep_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.81.2.33",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9821ep:2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9821p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.81.2.33",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9821p:3:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9826p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.81.2.33",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9826p:3:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9831p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.81.2.33",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9831p:3:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c1_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.52.2.47",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c1:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c1_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.52.2.47",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c1:2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c1_lite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.52.2.47",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c1_lite:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c1_lite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.52.2.47",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c1_lite:2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9800p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.54.2.47",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9800p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9800p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.54.2.47",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9800p:2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9803p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.54.2.47",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9803p:2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9803p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.54.2.47",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9803p:3:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9851p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.54.2.47",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9851p:2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9815p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.51.2.47",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9815p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9815p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.51.2.47",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9815p:2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9816p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.51.2.47",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9816p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9816p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.51.2.47",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9816p:2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:r2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.71.1.59",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:r2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:r4_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.71.1.59",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:r4:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.72.1.59",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9961ep_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.72.1.59",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9961ep:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9900ep_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.74.1.59",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9900ep:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9900p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.74.1.59",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9900p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9901ep_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.74.1.59",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9901ep:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9928p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.74.1.58",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9928p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9803ep_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.22.2.31",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9803ep:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9853ep_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.22.2.31",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9853ep:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9803p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.24.2.31",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9803p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9851p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.24.2.31",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9851p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9821p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.21.2.31",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9821p:2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9826p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.21.2.31",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9826p:2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9831p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.21.2.31",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9831p:2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9821ep_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.21.2.31",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9821ep:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9821w_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.11.1.120",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9821w:2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9831w_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.11.1.120",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9831w:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9826w_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.11.1.120",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9826w:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9821p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.11.1.120",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9821p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9831p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.11.1.120",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9831p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9826p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.11.1.120",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9826p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9818w_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.13.2.120",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9818w:2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9805w_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.14.1.120",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9805w:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9804w_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.14.1.120",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9804w:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9804p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.14.1.120",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9804p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9805e_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.14.1.120",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9805e:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9805p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.14.1.120",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9805p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9828p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.13.1.120",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9828p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9828w_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.13.1.120",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9828w:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi9828p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.11.1.133",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi9828p:2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-6831"
          }
        ]
      },
      "cve": "CVE-2018-6831",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2018-6831",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2018-12143",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-136863",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-6831",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-6831",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-12143",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201807-496",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-136863",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12143"
          },
          {
            "db": "VULHUB",
            "id": "VHN-136863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008030"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6831"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-496"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The setSystemTime function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote authenticated users to execute arbitrary commands via a \u0027;\u0027 in the ntpServer argument.  NOTE: this issue exists because of an incomplete fix for CVE-2017-2849. plural Foscam The camera contains a command injection vulnerability. This vulnerability CVE-2017-2849 Due to an incomplete fix.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Foscomm (FOSCAM) is a safe living brand under the Shenzhen Foscom Intelligent Technology Co., Ltd., covering network video surveillance products (webcam, hard disk recorder, monitoring kit), video cloud storage services. The Foscom Foscam camera has a command injection vulnerability that stems from an attacker gaining administrator credentials that can be exploited as the root user to perform privilege escalation. are network camera products of China Foscam (FOSCAM) company. A security vulnerability exists in the \u0027setSystemTime\u0027 function in several Foscam Cameras products. A remote attacker can use the \u0027;\u0027 in the ntpServer parameter to exploit this vulnerability to execute arbitrary commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-6831"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008030"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12143"
          },
          {
            "db": "VULHUB",
            "id": "VHN-136863"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-6831",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008030",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-496",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12143",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-136863",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12143"
          },
          {
            "db": "VULHUB",
            "id": "VHN-136863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008030"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6831"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-496"
          }
        ]
      },
      "id": "VAR-201807-2160",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12143"
          },
          {
            "db": "VULHUB",
            "id": "VHN-136863"
          }
        ],
        "trust": 1.2743434319999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12143"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:52:34.191000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Securing Your Foscam Camera - Important Notice",
            "trust": 0.8,
            "url": "https://www.foscam.com/company/securing-your-foscam-camera-important-notice.html"
          },
          {
            "title": "Fuscom Foscam Camera Command Injection Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/132885"
          },
          {
            "title": "Multiple Foscam Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84012"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008030"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-496"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-77",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-136863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008030"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6831"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/"
          },
          {
            "trust": 1.7,
            "url": "https://www.foscam.com/company/securing-your-foscam-camera-important-notice.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6831"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6831"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12143"
          },
          {
            "db": "VULHUB",
            "id": "VHN-136863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008030"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6831"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-496"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12143"
          },
          {
            "db": "VULHUB",
            "id": "VHN-136863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008030"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6831"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-496"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12143"
          },
          {
            "date": "2018-07-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-136863"
          },
          {
            "date": "2018-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008030"
          },
          {
            "date": "2018-07-09T17:29:00.260000",
            "db": "NVD",
            "id": "CVE-2018-6831"
          },
          {
            "date": "2018-07-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-496"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12143"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-136863"
          },
          {
            "date": "2018-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008030"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2018-6831"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-496"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-496"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Foscam Command injection vulnerability in camera",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008030"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-496"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201809-0076

    Vulnerability from variot - Updated: 2023-12-18 13:52

    A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the user accounts to factory defaults, without authentication. Foscam C1 Indoor HD Camera Application firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam. There is a factory reset vulnerability in the Multi-Camera interface in FoscamC1IndoorHDCamera that caused the program to fail to implement error detection

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0076",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "c1",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "foscam",
            "version": "2.52.2.43"
          },
          {
            "model": "system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.9.3.18"
          },
          {
            "model": "indoor ip camera c1 plug-in",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "3.3.0.26"
          },
          {
            "model": "indoor ip camera c1 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.52.2.43"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34269"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014274"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2877"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-429"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c1_firmware:2.52.2.43:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c1:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2877"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Claudio Bozzato of Cisco Talos",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-429"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2017-2877",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-2877",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-34269",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-111080",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-2877",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2877",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-2877",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-34269",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-429",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-111080",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34269"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111080"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014274"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2877"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2877"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-429"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the user accounts to factory defaults, without authentication. Foscam C1 Indoor HD Camera Application firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam. There is a factory reset vulnerability in the Multi-Camera interface in FoscamC1IndoorHDCamera that caused the program to fail to implement error detection",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2877"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014274"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-34269"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111080"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TALOS",
            "id": "TALOS-2017-0384",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2877",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014274",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-429",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-34269",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96862",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-111080",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34269"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111080"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014274"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2877"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-429"
          }
        ]
      },
      "id": "VAR-201809-0076",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34269"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111080"
          }
        ],
        "trust": 1.6761904666666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34269"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:52:33.357000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.foscam.com/"
          },
          {
            "title": "FoscamIPVideoCamera reset patch for factory settings vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/106255"
          },
          {
            "title": "Foscam IP Video Camera Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76297"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34269"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-429"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-755",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-111080"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014274"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2877"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0384"
          },
          {
            "trust": 1.2,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0384"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2877"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2877"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34269"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111080"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014274"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2877"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-429"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34269"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111080"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014274"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2877"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-429"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-34269"
          },
          {
            "date": "2018-09-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111080"
          },
          {
            "date": "2018-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014274"
          },
          {
            "date": "2018-09-19T18:29:00.547000",
            "db": "NVD",
            "id": "CVE-2017-2877"
          },
          {
            "date": "2017-11-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-429"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-34269"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111080"
          },
          {
            "date": "2018-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014274"
          },
          {
            "date": "2022-06-07T17:21:36.987000",
            "db": "NVD",
            "id": "CVE-2017-2877"
          },
          {
            "date": "2022-07-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-429"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-429"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C1 Indoor HD Camera Application firmware vulnerabilities related to authorization, permissions, and access control",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014274"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-429"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0741

    Vulnerability from variot - Updated: 2023-12-18 13:48

    An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS. FoscamOpticami5 is an IP camera from Foscom (FOSCAM). An unauthenticated attacker can exploit this vulnerability for cross-site scripting attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0741",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 application",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "c2 system",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "opticam i5 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          },
          {
            "model": "opticam i5 system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19080"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19080"
          }
        ]
      },
      "cve": "CVE-2018-19080",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-19080",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2018-22820",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-129704",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2018-19080",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19080",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-22820",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-157",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129704",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19080"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS. FoscamOpticami5 is an IP camera from Foscom (FOSCAM). An unauthenticated attacker can exploit this vulnerability for cross-site scripting attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19080"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129704"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19080",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129704",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19080"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          }
        ]
      },
      "id": "VAR-201811-0741",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129704"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:48:04.415000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/c2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19080"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19080"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19080"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19080"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19080"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129704"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "date": "2018-11-07T18:29:06.807000",
            "db": "NVD",
            "id": "CVE-2018-19080"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129704"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "date": "2018-12-13T16:20:08.030000",
            "db": "NVD",
            "id": "CVE-2018-19080"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam Opticam i5 Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0825

    Vulnerability from variot - Updated: 2023-12-18 13:48

    An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials. FoscamOptiCami5 is an IP camera from China Foscam. There are security vulnerabilities in FoscamOpticami5deviceswithSystemFirmware1.5.2.11 and ApplicationFirmware2.21.1.128. An attacker could exploit this vulnerability to control the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0825",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 application",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "c2 system",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "opticam i5 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          },
          {
            "model": "opticam i5 system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19068"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19068"
          }
        ]
      },
      "cve": "CVE-2018-19068",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-19068",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-22816",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "VHN-129690",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.2,
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-19068",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19068",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-22816",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-145",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129690",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129690"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19068"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials. FoscamOptiCami5 is an IP camera from China Foscam. There are security vulnerabilities in FoscamOpticami5deviceswithSystemFirmware1.5.2.11 and ApplicationFirmware2.21.1.128. An attacker could exploit this vulnerability to control the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19068"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129690"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19068",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-145",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129690",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129690"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19068"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          }
        ]
      },
      "id": "VAR-201811-0825",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129690"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:48:04.338000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/c2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-254",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129690"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19068"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19068"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19068"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129690"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19068"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129690"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19068"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129690"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "date": "2018-11-07T18:29:02.100000",
            "db": "NVD",
            "id": "CVE-2018-19068"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129690"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2018-19068"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam Opticam i5 Vulnerabilities related to security functions in device system firmware and application firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201212-0070

    Vulnerability from variot - Updated: 2023-12-18 13:44

    The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL. Other vendors that share the same base firmware image are also vulnerable. Successful exploits may allow attackers to bypass certain security restrictions and gain unauthorized administrator access. Foscam/Wansview H.264 Hi3510/11/12 IP cameras are web-based implementations of IP cameras. ----------------------------------------------------------------------

    The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/


    TITLE: Foscam IP Cameras Web Interface Security Bypass Vulnerability

    SECUNIA ADVISORY ID: SA50950

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50950/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50950

    RELEASE DATE: 2012-10-17

    DISCUSS ADVISORY: http://secunia.com/advisories/50950/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/50950/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=50950

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: A vulnerability has been reported in Foscam IP Cameras, which can be exploited by malicious people to bypass certain security restrictions.

    The vulnerability is caused due to an unspecified error in the web-based management interface and can be exploited to execute arbitrary commands with privileges of an administrative user.

    SOLUTION: No official solution is currently available.

    PROVIDED AND/OR DISCOVERED BY: US-CERT credits Don Kennedy.

    ORIGINAL ADVISORY: US-CERT (VU#265532): http://www.kb.cert.org/vuls/id/265532

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201212-0070",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "h.264 hi3510\\/11\\/12 ip camera",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "wansview",
            "version": null
          },
          {
            "model": "h.264 hi3510\\/11\\/12 ip camera",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam intelligent",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "wansview",
            "version": null
          },
          {
            "model": "h264 ip camera",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam intelligent",
            "version": null
          },
          {
            "model": "wireless ip camera",
            "scope": null,
            "trust": 0.8,
            "vendor": "wansview",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#265532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-004937"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-202"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:foscam:h.264_hi3510\\/11\\/12_ip_camera:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:wansview:h.264_hi3510\\/11\\/12_ip_camera:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-3002"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Don Kennedy",
        "sources": [
          {
            "db": "BID",
            "id": "55873"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-202"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2012-3002",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 9.7,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 7.9,
                "exploitability": "PROOF-OF-CONCEPT",
                "exploitabilityScore": 10.0,
                "id": "CVE-2012-3002",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "UNAVAILABLE",
                "reportConfidence": "UNCOFIRMED",
                "severity": "HIGH",
                "targetDistribution": "NOT DEFINED",
                "trust": 0.8,
                "userInterationRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2012-3002",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-56283",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2012-3002",
                "trust": 2.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201210-202",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-56283",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#265532"
          },
          {
            "db": "VULHUB",
            "id": "VHN-56283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-004937"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-202"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL.  Other vendors that share the same base firmware image are also vulnerable. \nSuccessful exploits may allow attackers to bypass certain security restrictions and gain unauthorized administrator access. Foscam/Wansview H.264 Hi3510/11/12 IP cameras are web-based implementations of IP cameras. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nFoscam IP Cameras Web Interface Security Bypass Vulnerability\n\nSECUNIA ADVISORY ID:\nSA50950\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50950/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50950\n\nRELEASE DATE:\n2012-10-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50950/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50950/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50950\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Foscam IP Cameras, which can be\nexploited by malicious people to bypass certain security\nrestrictions. \n\nThe vulnerability is caused due to an unspecified error in the\nweb-based management interface and can be exploited to execute\narbitrary commands with privileges of an administrative user. \n\nSOLUTION:\nNo official solution is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\nUS-CERT credits Don Kennedy. \n\nORIGINAL ADVISORY:\nUS-CERT (VU#265532):\nhttp://www.kb.cert.org/vuls/id/265532\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-3002"
          },
          {
            "db": "CERT/CC",
            "id": "VU#265532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-004937"
          },
          {
            "db": "BID",
            "id": "55873"
          },
          {
            "db": "VULHUB",
            "id": "VHN-56283"
          },
          {
            "db": "PACKETSTORM",
            "id": "117431"
          },
          {
            "db": "PACKETSTORM",
            "id": "117427"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-3002",
            "trust": 3.6
          },
          {
            "db": "CERT/CC",
            "id": "VU#265532",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "55873",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "50950",
            "trust": 1.9
          },
          {
            "db": "SECUNIA",
            "id": "50966",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-004937",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-202",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-56283",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "117431",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "117427",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#265532"
          },
          {
            "db": "VULHUB",
            "id": "VHN-56283"
          },
          {
            "db": "BID",
            "id": "55873"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-004937"
          },
          {
            "db": "PACKETSTORM",
            "id": "117431"
          },
          {
            "db": "PACKETSTORM",
            "id": "117427"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-202"
          }
        ]
      },
      "id": "VAR-201212-0070",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-56283"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:44:37.294000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ShenZhen Foscam Intelligent Technology Limited",
            "trust": 0.8,
            "url": "http://www.foscam.com/"
          },
          {
            "title": "H264 IP Camera Web Interface Authentication Bypass Test Tool",
            "trust": 0.8,
            "url": "http://foscam.us/forum/h264-ip-camera-web-interface-authentication-bypass-test-tool-t3252.html"
          },
          {
            "title": "Download",
            "trust": 0.8,
            "url": "http://www.foscam.com/help.aspx?typeid=11"
          },
          {
            "title": "Wansview Wireless IP Cameras",
            "trust": 0.8,
            "url": "http://wansview.net/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-004937"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-56283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-004937"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3002"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "http://www.kb.cert.org/vuls/id/265532"
          },
          {
            "trust": 2.5,
            "url": "http://foscam.us/forum/h264-ip-camera-web-interface-authentication-bypass-test-tool-t3252.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/55873"
          },
          {
            "trust": 1.7,
            "url": "http://www.foscam.com/help.aspx?typeid=11"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/50950"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/50966"
          },
          {
            "trust": 0.8,
            "url": "http://www.foscam.com/"
          },
          {
            "trust": 0.8,
            "url": "http://wansview.net/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3002"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu265532/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3002"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/blog/325/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50950"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/50950/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/50950/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/50966/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50966"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/50966/#comments"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#265532"
          },
          {
            "db": "VULHUB",
            "id": "VHN-56283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-004937"
          },
          {
            "db": "PACKETSTORM",
            "id": "117431"
          },
          {
            "db": "PACKETSTORM",
            "id": "117427"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-202"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#265532"
          },
          {
            "db": "VULHUB",
            "id": "VHN-56283"
          },
          {
            "db": "BID",
            "id": "55873"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-004937"
          },
          {
            "db": "PACKETSTORM",
            "id": "117431"
          },
          {
            "db": "PACKETSTORM",
            "id": "117427"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-202"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-10-10T00:00:00",
            "db": "CERT/CC",
            "id": "VU#265532"
          },
          {
            "date": "2012-12-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-56283"
          },
          {
            "date": "2012-10-10T00:00:00",
            "db": "BID",
            "id": "55873"
          },
          {
            "date": "2012-10-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-004937"
          },
          {
            "date": "2012-10-17T10:04:33",
            "db": "PACKETSTORM",
            "id": "117431"
          },
          {
            "date": "2012-10-17T10:04:20",
            "db": "PACKETSTORM",
            "id": "117427"
          },
          {
            "date": "2012-12-21T11:47:36.363000",
            "db": "NVD",
            "id": "CVE-2012-3002"
          },
          {
            "date": "2012-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201210-202"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-10-23T00:00:00",
            "db": "CERT/CC",
            "id": "VU#265532"
          },
          {
            "date": "2013-03-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-56283"
          },
          {
            "date": "2012-10-10T00:00:00",
            "db": "BID",
            "id": "55873"
          },
          {
            "date": "2012-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-004937"
          },
          {
            "date": "2013-03-02T04:42:59.453000",
            "db": "NVD",
            "id": "CVE-2012-3002"
          },
          {
            "date": "2012-12-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201210-202"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-202"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multi-vendor IP camera web interface authentication bypass",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#265532"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-202"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201809-0079

    Vulnerability from variot - Updated: 2023-12-18 13:43

    An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam. DDNSclient is one of the dynamic domain name service clients

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0079",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "c1",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "foscam",
            "version": "2.52.2.43"
          },
          {
            "model": "system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.9.3.18"
          },
          {
            "model": "indoor ip camera c1 plug-in",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "3.3.0.26"
          },
          {
            "model": "indoor ip camera c1 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.52.2.43"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34260"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014271"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-420"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c1_firmware:2.52.2.43:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c1:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2854"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Claudio Bozzato and another member of Cisco Talos",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-420"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2017-2854",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2017-2854",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2017-34260",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-111057",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-2854",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2854",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-2854",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-34260",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-420",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-111057",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34260"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111057"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014271"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2854"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-420"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam. DDNSclient is one of the dynamic domain name service clients",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2854"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014271"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-34260"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111057"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TALOS",
            "id": "TALOS-2017-0357",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2854",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014271",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-420",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-34260",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96860",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-111057",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34260"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111057"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014271"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-420"
          }
        ]
      },
      "id": "VAR-201809-0079",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34260"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111057"
          }
        ],
        "trust": 1.6761904666666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34260"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:43:34.377000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.foscam.com/downloads/index.html"
          },
          {
            "title": "Patch for FoscamC1IndoorHDCameraDDNS Client Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/106246"
          },
          {
            "title": "Foscam C1 Indoor HD Camera DDNS Fixes for client buffer error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76288"
          },
          {
            "title": "Foscam C1 Indoor HD Camera DDNS Fixes for client buffer error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76294"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34260"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014271"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-420"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-111057"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014271"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2854"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0357"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2854"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2854"
          },
          {
            "trust": 0.6,
            "url": "https://www.talosintelligence.com/reports/talos-2017-0357/"
          },
          {
            "trust": 0.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0357"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34260"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111057"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014271"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-420"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34260"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111057"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014271"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2854"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-420"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-34260"
          },
          {
            "date": "2018-09-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111057"
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014271"
          },
          {
            "date": "2018-09-17T20:29:00.367000",
            "db": "NVD",
            "id": "CVE-2017-2854"
          },
          {
            "date": "2017-11-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-420"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-34260"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111057"
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014271"
          },
          {
            "date": "2022-06-07T17:25:58.063000",
            "db": "NVD",
            "id": "CVE-2017-2854"
          },
          {
            "date": "2022-06-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-420"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-420"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C1 Indoor HD Camera Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014271"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-420"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0736

    Vulnerability from variot - Updated: 2023-12-18 13:43

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall feature makes it easier for remote attackers to ascertain credentials and firewall rules because invalid credentials lead to error -2, whereas rule-based blocking leads to error -8. Foscam C2 Device and Opticam i5 The device contains an information disclosure vulnerability.Information may be obtained. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0736",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19075"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19075"
          }
        ]
      },
      "cve": "CVE-2018-19075",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-19075",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-04043",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-129698",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2018-19075",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19075",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04043",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-152",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129698",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129698"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19075"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall feature makes it easier for remote attackers to ascertain credentials and firewall rules because invalid credentials lead to error -2, whereas rule-based blocking leads to error -8. Foscam C2 Device and Opticam i5 The device contains an information disclosure vulnerability.Information may be obtained. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19075"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129698"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19075",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-152",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129698",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129698"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19075"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          }
        ]
      },
      "id": "VAR-201811-0736",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129698"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:43:31.727000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/c2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129698"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19075"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19075"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19075"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129698"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19075"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129698"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19075"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129698"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "date": "2018-11-07T18:29:04.697000",
            "db": "NVD",
            "id": "CVE-2018-19075"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129698"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "date": "2018-12-11T14:34:36.203000",
            "db": "NVD",
            "id": "CVE-2018-19075"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Information disclosure vulnerability in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0820

    Vulnerability from variot - Updated: 2023-12-18 13:43

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password. Foscam C2 Devices and Opticam i5 The device is vulnerable to the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). The vulnerability stems from the use of a null password in the admin account, which an attacker can use to control the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0820",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19063"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19063"
          }
        ]
      },
      "cve": "CVE-2018-19063",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2018-19063",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-04049",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-129685",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-19063",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19063",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04049",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-140",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129685",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19063",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129685"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19063"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19063"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password. Foscam C2 Devices and Opticam i5 The device is vulnerable to the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). The vulnerability stems from the use of a null password in the admin account, which an attacker can use to control the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19063"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129685"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19063"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19063",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-140",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129685",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19063",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129685"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19063"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19063"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          }
        ]
      },
      "id": "VAR-201811-0820",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129685"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:43:31.639000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/c2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19063"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19063"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19063"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129685"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19063"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19063"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129685"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19063"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19063"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129685"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19063"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "date": "2018-11-07T18:29:00.523000",
            "db": "NVD",
            "id": "CVE-2018-19063"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129685"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19063"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "date": "2018-12-11T15:43:40.080000",
            "db": "NVD",
            "id": "CVE-2018-19063"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Devices and  Opticam i5 Vulnerability in using hard-coded credentials on device",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0739

    Vulnerability from variot - Updated: 2023-12-18 13:38

    An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password. Foscam Opticam i5 There are vulnerabilities related to certificate and password management in the system firmware and application firmware of devices.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamOpticami5 is an IP camera from Foscom (FOSCAM)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0739",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 application",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "c2 system",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "opticam i5 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          },
          {
            "model": "opticam i5 system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19078"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19078"
          }
        ]
      },
      "cve": "CVE-2018-19078",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-19078",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-22818",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-129701",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-19078",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19078",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-22818",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-155",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129701",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19078"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password. Foscam Opticam i5 There are vulnerabilities related to certificate and password management in the system firmware and application firmware of devices.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamOpticami5 is an IP camera from Foscom (FOSCAM)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19078"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129701"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19078",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-155",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129701",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19078"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          }
        ]
      },
      "id": "VAR-201811-0739",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129701"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:38:26.478000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/c2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-522",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19078"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19078"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19078"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19078"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19078"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129701"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "date": "2018-11-07T18:29:05.853000",
            "db": "NVD",
            "id": "CVE-2018-19078"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129701"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2018-19078"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam Opticam i5 Vulnerabilities related to certificate and password management in device system firmware and application firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0823

    Vulnerability from variot - Updated: 2023-12-18 13:38

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded Pxift password in some cases. Foscam C2 Device and Opticam i5 The device contains a vulnerability related to the use of hard-coded credentials.Information may be obtained. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An information disclosure vulnerability exists in the FoscamC2 and Opticami5 devices that originated from the configuration backup file using a hard-coded password (Pxift) that an attacker could use to control the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0823",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19066"
          }
        ]
      },
      "cve": "CVE-2018-19066",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-19066",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-04053",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-129688",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-19066",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19066",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04053",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-143",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129688",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded Pxift* password in some cases. Foscam C2 Device and Opticam i5 The device contains a vulnerability related to the use of hard-coded credentials.Information may be obtained. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An information disclosure vulnerability exists in the FoscamC2 and Opticami5 devices that originated from the configuration backup file using a hard-coded password (Pxift*) that an attacker could use to control the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19066"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129688"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19066",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-143",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129688",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          }
        ]
      },
      "id": "VAR-201811-0823",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129688"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:38:26.387000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/c2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19066"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19066"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19066"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129688"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "date": "2018-11-07T18:29:01.570000",
            "db": "NVD",
            "id": "CVE-2018-19066"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129688"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "date": "2018-12-11T15:28:09.347000",
            "db": "NVD",
            "id": "CVE-2018-19066"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Vulnerabilities related to the use of hard-coded credentials on devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201703-0744

    Vulnerability from variot - Updated: 2023-12-18 13:34

    A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges. Foscam is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. Both Foscam and Vstarcam IP camera are network camera products. Goahead webserver is one of the cross-platform embedded webserver

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201703-0744",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "goahead",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "embedthis",
            "version": null
          },
          {
            "model": "goahead",
            "scope": null,
            "trust": 0.8,
            "vendor": "embedthis",
            "version": null
          },
          {
            "model": "foscam",
            "scope": null,
            "trust": 0.6,
            "vendor": "foscam",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-03633"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002234"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5675"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-532"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:embedthis:goahead:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-5675"
          }
        ]
      },
      "cve": "CVE-2017-5675",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2017-5675",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-03633",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-113878",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-5675",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-5675",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-03633",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-532",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-113878",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-03633"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002234"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5675"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-532"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges. Foscam is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. Both Foscam and Vstarcam IP camera are network camera products. Goahead webserver is one of the cross-platform embedded webserver",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-5675"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002234"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-03633"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113878"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-5675",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002234",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-532",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-03633",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-113878",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-03633"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002234"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5675"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-532"
          }
        ]
      },
      "id": "VAR-201703-0744",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-03633"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113878"
          }
        ],
        "trust": 0.06999999999999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-03633"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:34:18.865000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://embedthis.com/goahead/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002234"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-113878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002234"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5675"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://www.cybereason.com/cve-ip-cameras/"
          },
          {
            "trust": 2.5,
            "url": "https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5675"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5675"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-03633"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002234"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5675"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-532"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-03633"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002234"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5675"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-532"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-03633"
          },
          {
            "date": "2017-03-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-113878"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002234"
          },
          {
            "date": "2017-03-13T06:59:00.417000",
            "db": "NVD",
            "id": "CVE-2017-5675"
          },
          {
            "date": "2017-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-532"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-03633"
          },
          {
            "date": "2017-03-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-113878"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002234"
          },
          {
            "date": "2017-03-15T17:11:08.363000",
            "db": "NVD",
            "id": "CVE-2017-5675"
          },
          {
            "date": "2017-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-532"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-532"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam Such as white label  IP For custom builds used in camera models  GoAhead Web Command injection vulnerability in the server",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002234"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-532"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201804-0561

    Vulnerability from variot - Updated: 2023-12-18 13:33

    Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery using a custom image. Foscam C1 Indoor HD Camera Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam. A security vulnerability exists in the recovery process used in FoscamC1IndoorHDCamera, which is caused by a program that does not adequately perform security checks. ### Tested Versions Foscam Indoor IP Camera C1 Series System Firmware Version: 1.9.3.18 Application Firmware Version: 2.52.2.43 Plug-In Version: 3.3.0.26 ### Product URLs http://www.foscam.com/downloads/index.html ### CVSSv3 Score 9.6 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H ### CWE CWE-287: Improper Authentication ### Details Foscam produces a series of IP-capable surveillance devices, network video recorders, and baby monitors for the end-user. Foscam produces a range of cameras for both indoor and outdoor use and with wireless capability. One of these models is the C1 series which contains a web-based user interface for management and is based on..

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0561",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "c1",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "foscam",
            "version": "2.52.2.43"
          },
          {
            "model": "c1 indoor hd camera",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "foscam",
            "version": "2.52.2.43"
          },
          {
            "model": "indoor ip camera c1 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "foscam",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013275"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-789"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c1_firmware:2.52.2.43:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c1:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2871"
          }
        ]
      },
      "cve": "CVE-2017-2871",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-2871",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2018-09719",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "VHN-111074",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-2871",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2871",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-2871",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-09719",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201804-789",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-111074",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-2871",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09719"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111074"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2871"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013275"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2871"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-789"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery using a custom image. Foscam C1 Indoor HD Camera Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam. A security vulnerability exists in the recovery process used in FoscamC1IndoorHDCamera, which is caused by a program that does not adequately perform security checks. ### Tested Versions Foscam Indoor IP Camera C1 Series System Firmware Version: 1.9.3.18 Application Firmware Version: 2.52.2.43 Plug-In Version: 3.3.0.26 ### Product URLs http://www.foscam.com/downloads/index.html ### CVSSv3 Score 9.6 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H ### CWE CWE-287: Improper Authentication ### Details Foscam produces a series of IP-capable surveillance devices, network video recorders, and baby monitors for the end-user. Foscam produces a range of cameras for both indoor and outdoor use and with wireless capability. One of these models is the C1 series which contains a web-based user interface for management and is based on..",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2871"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013275"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-09719"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111074"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2871"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TALOS",
            "id": "TALOS-2017-0378",
            "trust": 3.2
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2871",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013275",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-09719",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-789",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-97305",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-111074",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2871",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09719"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111074"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2871"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013275"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-789"
          }
        ]
      },
      "id": "VAR-201804-0561",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09719"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111074"
          }
        ],
        "trust": 1.503571435
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09719"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:33:52.960000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.foscam.com/downloads/index.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013275"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-111074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013275"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2871"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0378"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2871"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2871"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/287.html"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141772"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09719"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111074"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2871"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013275"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-789"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09719"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111074"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2871"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013275"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-789"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-09719"
          },
          {
            "date": "2018-04-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111074"
          },
          {
            "date": "2018-04-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2871"
          },
          {
            "date": "2018-06-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013275"
          },
          {
            "date": "2018-04-17T20:29:00.223000",
            "db": "NVD",
            "id": "CVE-2017-2871"
          },
          {
            "date": "2018-04-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-789"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-09719"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111074"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2871"
          },
          {
            "date": "2018-06-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013275"
          },
          {
            "date": "2022-06-07T17:24:40.237000",
            "db": "NVD",
            "id": "CVE-2017-2871"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-789"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-789"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C1 Indoor HD Camera Authentication vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013275"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-789"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0732

    Vulnerability from variot - Updated: 2023-12-18 13:33

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up. Foscam C2 Device and Opticam i5 Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). Security vulnerabilities exist in Foscam C2 and Opticam i5 devices

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0732",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19071"
          }
        ]
      },
      "cve": "CVE-2018-19071",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-19071",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2019-04050",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-129694",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-19071",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19071",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04050",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-148",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129694",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19071",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129694"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up. Foscam C2 Device and Opticam i5 Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). Security vulnerabilities exist in Foscam C2 and Opticam i5 devices",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129694"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19071"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19071",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-148",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129694",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19071",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129694"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          }
        ]
      },
      "id": "VAR-201811-0732",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129694"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:33:40.473000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/c2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-732",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19071"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19071"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19071"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/732.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129694"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129694"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129694"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19071"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "date": "2018-11-07T18:29:03.397000",
            "db": "NVD",
            "id": "CVE-2018-19071"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129694"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19071"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2018-19071"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Vulnerabilities related to authorization, authority, and access control in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201303-0326

    Vulnerability from variot - Updated: 2023-12-18 13:29

    Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials. ( Dot dot ) including URI Any file may be read via. Foscam is a webcam video recording device. Foscam has a path traversal vulnerability where an unauthenticated attacker can access the entire file system and steal network and WiFi credentials. Foscam is prone to a directory-traversal vulnerability. This may aid in further attacks. Foscam is a leading professional high-tech company providing IP video products and solutions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201303-0326",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fi8919w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "firmware_11.37.2.47"
          },
          {
            "model": "fi8919w",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "foscam",
            "version": "firmware 11.37.2.49"
          },
          {
            "model": "foscam",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "\u003c=11.37.2.48"
          },
          {
            "model": "fi8919w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "firmware_11.37.2.47"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-01448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001913"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2560"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-334"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:foscam:fi8919w:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "firmware_11.37.2.47",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-2560"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Frederic Basse",
        "sources": [
          {
            "db": "BID",
            "id": "58290"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-075"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2013-2560",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.8,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2013-2560",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-62562",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2013-2560",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201303-334",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-62562",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-62562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001913"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2560"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-334"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials. ( Dot dot ) including URI Any file may be read via. Foscam is a webcam video recording device. Foscam has a path traversal vulnerability where an unauthenticated attacker can access the entire file system and steal network and WiFi credentials. Foscam is prone to a directory-traversal vulnerability. This may aid in further attacks. Foscam is a leading professional high-tech company providing IP video products and solutions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-2560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001913"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-01448"
          },
          {
            "db": "BID",
            "id": "58290"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62562"
          }
        ],
        "trust": 2.52
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-62562",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-62562"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-2560",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "58290",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001913",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "120624",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-334",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-01448",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20130313 RE: [CVE-REQUEST] FOSCAM \u003c= 11.37.2.48 PATH TRAVERSAL VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-075",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "38356",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-62562",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-01448"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62562"
          },
          {
            "db": "BID",
            "id": "58290"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001913"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2560"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-334"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-075"
          }
        ]
      },
      "id": "VAR-201303-0326",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-01448"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62562"
          }
        ],
        "trust": 0.06999999999999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-01448"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:29:54.443000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://foscam.us/"
          },
          {
            "title": "Foscam path traversal vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/32615"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-01448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001913"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-62562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001913"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2560"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0080.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2560"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2560"
          },
          {
            "trust": 0.6,
            "url": "http://packetstormsecurity.com/files/120624/foscam-firmware-11.37.2.48-path-traversal.html"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/58290"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-01448"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001913"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2560"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-334"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-075"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-01448"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62562"
          },
          {
            "db": "BID",
            "id": "58290"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001913"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2560"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-334"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-075"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-03-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-01448"
          },
          {
            "date": "2013-03-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-62562"
          },
          {
            "date": "2013-03-01T00:00:00",
            "db": "BID",
            "id": "58290"
          },
          {
            "date": "2013-03-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-001913"
          },
          {
            "date": "2013-03-15T20:55:11.413000",
            "db": "NVD",
            "id": "CVE-2013-2560"
          },
          {
            "date": "2013-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201303-334"
          },
          {
            "date": "2013-03-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201303-075"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-05-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-01448"
          },
          {
            "date": "2013-03-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-62562"
          },
          {
            "date": "2013-10-16T01:04:00",
            "db": "BID",
            "id": "58290"
          },
          {
            "date": "2013-03-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-001913"
          },
          {
            "date": "2013-03-20T04:00:00",
            "db": "NVD",
            "id": "CVE-2013-2560"
          },
          {
            "date": "2013-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201303-334"
          },
          {
            "date": "2013-03-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201303-075"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-334"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-075"
          }
        ],
        "trust": 1.2
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam Directory traversal vulnerability in device firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001913"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-334"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201303-075"
          }
        ],
        "trust": 1.2
      }
    }

    VAR-201811-0733

    Vulnerability from variot - Updated: 2023-12-18 13:28

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/app has 0777 permissions, allowing local users to replace an archive file (within that directory) to control what is extracted to RAM at boot time. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An archive file replacement vulnerability exists in FoscamC2 and Opticami5 devices that can be exploited by local attackers to replace archived files

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0733",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19072"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19072"
          }
        ]
      },
      "cve": "CVE-2018-19072",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 3.6,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-19072",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2019-04046",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "VHN-129695",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-19072",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19072",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04046",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-149",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129695",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19072"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/app has 0777 permissions, allowing local users to replace an archive file (within that directory) to control what is extracted to RAM at boot time. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An archive file replacement vulnerability exists in FoscamC2 and Opticami5 devices that can be exploited by local attackers to replace archived files",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129695"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19072",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-149",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129695",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19072"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          }
        ]
      },
      "id": "VAR-201811-0733",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129695"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:28:41.993000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/c2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-732",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19072"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19072"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19072"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19072"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19072"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129695"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "date": "2018-11-07T18:29:03.697000",
            "db": "NVD",
            "id": "CVE-2018-19072"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129695"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2018-19072"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Vulnerabilities related to authorization, authority, and access control in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201403-0386

    Vulnerability from variot - Updated: 2023-12-18 13:24

    The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitive video and image data via a blank username and password. The FI8910W Foscam IP camera running firmware version 11.37.2.54 fails to properly authenticate users. Foscam Provided by FI8910W There is an authentication bypass vulnerability (CWE-592) Exists. CWE-592: Authentication Bypass Issues http://cwe.mitre.org/data/definitions/592.htmlA remote attacker may be able to access video streaming or image files. FOSCAM IP-Cameras is a webcam device. FOSCAM FI8910W IP camera is prone to an authentication-bypass vulnerability. Attackers may exploit this issue to execute arbitrary commands, gain unauthorized access, or bypass intended security restrictions. Other attacks may also be possible. http://drupal.org/node/207891

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0386",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fi8919w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "11.37.2.54"
          },
          {
            "model": "fi8919w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam intelligent",
            "version": null
          },
          {
            "model": "fi8910w",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam intelligent",
            "version": null
          },
          {
            "model": "fi8910w",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "foscam intelligent",
            "version": "version 11.37.2.54"
          },
          {
            "model": "foscam intelligent technology limited copyright. fi8910w foscam ip camera",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "",
            "version": "11.37.2.54"
          },
          {
            "model": "fi8919w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "11.37.2.54"
          },
          {
            "model": "fi8910w",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "foscam digital",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#525132"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01501"
          },
          {
            "db": "BID",
            "id": "65931"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001563"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-1911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-140"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:fi8919w_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "11.37.2.54",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:fi8919w:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-1911"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "stiegl",
        "sources": [
          {
            "db": "BID",
            "id": "65931"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-1911",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 7.8,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 1.7,
                "exploitability": "HIGH",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-1911",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "OFFICIAL FIX",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "LOW",
                "trust": 0.8,
                "userInterationRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.8,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2014-1911",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-01501",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-69850",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2014-1911",
                "trust": 2.6,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-01501",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201403-140",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-69850",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#525132"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01501"
          },
          {
            "db": "VULHUB",
            "id": "VHN-69850"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001563"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-1911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-140"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitive video and image data via a blank username and password. The FI8910W Foscam IP camera running firmware version 11.37.2.54  fails to properly authenticate users. Foscam Provided by FI8910W There is an authentication bypass vulnerability (CWE-592) Exists. CWE-592: Authentication Bypass Issues http://cwe.mitre.org/data/definitions/592.htmlA remote attacker may be able to access video streaming or image files. FOSCAM IP-Cameras is a webcam device. FOSCAM FI8910W IP camera is prone to an authentication-bypass vulnerability. \nAttackers may exploit this issue to execute arbitrary commands, gain unauthorized access, or bypass intended security restrictions. Other attacks may also be possible. \nhttp://drupal.org/node/207891",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-1911"
          },
          {
            "db": "CERT/CC",
            "id": "VU#525132"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001563"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01501"
          },
          {
            "db": "BID",
            "id": "65931"
          },
          {
            "db": "VULHUB",
            "id": "VHN-69850"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-1911",
            "trust": 4.2
          },
          {
            "db": "CERT/CC",
            "id": "VU#525132",
            "trust": 4.2
          },
          {
            "db": "BID",
            "id": "65931",
            "trust": 1.0
          },
          {
            "db": "JVN",
            "id": "JVNVU93348073",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001563",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-140",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01501",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "57056",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-61680",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-69850",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#525132"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01501"
          },
          {
            "db": "VULHUB",
            "id": "VHN-69850"
          },
          {
            "db": "BID",
            "id": "65931"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001563"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-1911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-140"
          }
        ]
      },
      "id": "VAR-201403-0386",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01501"
          },
          {
            "db": "VULHUB",
            "id": "VHN-69850"
          }
        ],
        "trust": 1.3666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01501"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:24:56.908000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Technical Support - Re: MJPEG .54 Firmware Bug - User Logon Bypass",
            "trust": 0.8,
            "url": "http://foscam.us/forum/mjpeg-54-firmware-bug-user-logon-bypass-t8442-10.html#p40810"
          },
          {
            "title": "Foscam Firmware Downloads",
            "trust": 0.8,
            "url": "http://foscam.us/firmware"
          },
          {
            "title": "FOSCAM FI8910W IP Camera verifies the patch that bypasses the vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/44081"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01501"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001563"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-69850"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001563"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-1911"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.kb.cert.org/vuls/id/525132"
          },
          {
            "trust": 2.5,
            "url": "http://foscam.us/forum/mjpeg-54-firmware-bug-user-logon-bypass-t8442.html"
          },
          {
            "trust": 0.8,
            "url": "http://foscam.us/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1911"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93348073/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1911"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/57056"
          },
          {
            "trust": 0.3,
            "url": "http://www.foscam.com/down3.aspx"
          },
          {
            "trust": 0.3,
            "url": "http://www.foscam.com/"
          },
          {
            "trust": 0.3,
            "url": "http://foscam.us/forum/mjpeg-54-firmware-bug-user-logon-bypass-t8442-10.html#p40810"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#525132"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01501"
          },
          {
            "db": "VULHUB",
            "id": "VHN-69850"
          },
          {
            "db": "BID",
            "id": "65931"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001563"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-1911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-140"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#525132"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01501"
          },
          {
            "db": "VULHUB",
            "id": "VHN-69850"
          },
          {
            "db": "BID",
            "id": "65931"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001563"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-1911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-140"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-03-03T00:00:00",
            "db": "CERT/CC",
            "id": "VU#525132"
          },
          {
            "date": "2014-03-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01501"
          },
          {
            "date": "2014-03-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-69850"
          },
          {
            "date": "2014-03-03T00:00:00",
            "db": "BID",
            "id": "65931"
          },
          {
            "date": "2014-03-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001563"
          },
          {
            "date": "2014-03-06T11:55:05.473000",
            "db": "NVD",
            "id": "CVE-2014-1911"
          },
          {
            "date": "2014-03-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201403-140"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-03-03T00:00:00",
            "db": "CERT/CC",
            "id": "VU#525132"
          },
          {
            "date": "2014-03-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01501"
          },
          {
            "date": "2014-03-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-69850"
          },
          {
            "date": "2014-03-03T00:00:00",
            "db": "BID",
            "id": "65931"
          },
          {
            "date": "2014-03-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001563"
          },
          {
            "date": "2014-03-07T18:54:48.300000",
            "db": "NVD",
            "id": "CVE-2014-1911"
          },
          {
            "date": "2014-03-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201403-140"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-140"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam IP camera authentication bypass vulnerability",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#525132"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-140"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201809-0077

    Vulnerability from variot - Updated: 2023-12-18 13:23

    An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0077",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "c1",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "foscam",
            "version": "2.52.2.43"
          },
          {
            "model": "system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.9.3.18"
          },
          {
            "model": "indoor ip camera c1 plug-in",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "3.3.0.26"
          },
          {
            "model": "indoor ip camera c1 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.52.2.43"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34270"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014286"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2878"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-430"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c1_firmware:2.52.2.43:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c1:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2878"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Claudio Bozzato of Cisco Talos",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-430"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2017-2878",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.4,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-2878",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-34270",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-111081",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-2878",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2878",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-2878",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-34270",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-430",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-111081",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-2878",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111081"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014286"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2878"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2878"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-430"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014286"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-34270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111081"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2878"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2878",
            "trust": 3.2
          },
          {
            "db": "TALOS",
            "id": "TALOS-2017-0385",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014286",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-430",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-34270",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96861",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-111081",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2878",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111081"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014286"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2878"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-430"
          }
        ]
      },
      "id": "VAR-201809-0077",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111081"
          }
        ],
        "trust": 1.6761904666666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34270"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:23:58.255000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.foscam.com/"
          },
          {
            "title": "Patch for FoscamIPVideoCamera Buffer Overflow Vulnerability (CNVD-2017-34270)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/106256"
          },
          {
            "title": "Foscam IP Video Camera Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76298"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34270"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014286"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-430"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-111081"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014286"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2878"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0385"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2878"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2878"
          },
          {
            "trust": 0.6,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0385"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55996"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111081"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014286"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2878"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-430"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111081"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014286"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2878"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-430"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-34270"
          },
          {
            "date": "2018-09-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111081"
          },
          {
            "date": "2018-09-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2878"
          },
          {
            "date": "2018-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014286"
          },
          {
            "date": "2018-09-19T16:29:00.647000",
            "db": "NVD",
            "id": "CVE-2017-2878"
          },
          {
            "date": "2017-11-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-430"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-34270"
          },
          {
            "date": "2018-11-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111081"
          },
          {
            "date": "2018-11-20T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2878"
          },
          {
            "date": "2018-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014286"
          },
          {
            "date": "2022-06-07T17:21:09.083000",
            "db": "NVD",
            "id": "CVE-2017-2878"
          },
          {
            "date": "2022-07-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-430"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-430"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C1 Indoor HD Camera Application firmware buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014286"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-430"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0731

    Vulnerability from variot - Updated: 2023-12-18 13:23

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action. Foscam C2 Device and Opticam i5 The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An operating system command injection vulnerability exists in the FoscamC2 and Opticami5 devices. Security vulnerabilities exist in Foscam C2 and Opticam i5 devices

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0731",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19070"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19070"
          }
        ]
      },
      "cve": "CVE-2018-19070",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2018-19070",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2019-04051",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-129693",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-19070",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19070",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04051",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-147",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129693",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19070"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action. Foscam C2 Device and Opticam i5 The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An operating system command injection vulnerability exists in the FoscamC2 and Opticami5 devices. Security vulnerabilities exist in Foscam C2 and Opticam i5 devices",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19070"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129693"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19070",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-147",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129693",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19070"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          }
        ]
      },
      "id": "VAR-201811-0731",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129693"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:23:55.047000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/c2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19070"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19070"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19070"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19070"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19070"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129693"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "date": "2018-11-07T18:29:02.773000",
            "db": "NVD",
            "id": "CVE-2018-19070"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129693"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "date": "2018-12-11T14:57:16.450000",
            "db": "NVD",
            "id": "CVE-2018-19070"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 In the device  OS Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201809-0078

    Vulnerability from variot - Updated: 2023-12-18 13:18

    An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer overflow resulting in overwriting arbitrary data. An attacker needs to be in the same subnetwork and reply to a discovery message to trigger this vulnerability. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0078",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "c1",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "foscam",
            "version": "2.52.2.43"
          },
          {
            "model": "system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.9.3.18"
          },
          {
            "model": "indoor ip camera c1 plug-in",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "3.3.0.26"
          },
          {
            "model": "indoor ip camera c1 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.52.2.43"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014277"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-431"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c1_firmware:2.52.2.43:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c1:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2879"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Claudio Bozzato of Cisco Talos",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-431"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2017-2879",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 5.5,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-2879",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.2,
                "id": "CNVD-2017-34271",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 5.5,
                "id": "VHN-111082",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:A/AC:M/AU:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.6,
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-2879",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2879",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-2879",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-34271",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-431",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-111082",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-2879",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34271"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111082"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2879"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014277"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2879"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-431"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer overflow resulting in overwriting arbitrary data. An attacker needs to be in the same subnetwork and reply to a discovery message to trigger this vulnerability. FoscamC1IndoorHDCamera is a wireless HD IP camera from China Foscam",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2879"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014277"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-34271"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111082"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2879"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TALOS",
            "id": "TALOS-2017-0386",
            "trust": 3.2
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2879",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014277",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-431",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-34271",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96852",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-111082",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2879",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34271"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111082"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2879"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014277"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-431"
          }
        ]
      },
      "id": "VAR-201809-0078",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34271"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111082"
          }
        ],
        "trust": 1.6761904666666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34271"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:18:59.539000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.foscam.com/"
          },
          {
            "title": "Patch for FoscamIPVideoCamera Buffer Overflow Vulnerability (CNVD-2017-34271)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/106257"
          },
          {
            "title": "Foscam IP Video Camera Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76299"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014277"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-431"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-111082"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014277"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2879"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0386"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2879"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2879"
          },
          {
            "trust": 0.6,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0386"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55996"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34271"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111082"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2879"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014277"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-431"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34271"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111082"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2879"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014277"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-431"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-34271"
          },
          {
            "date": "2018-09-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111082"
          },
          {
            "date": "2018-09-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2879"
          },
          {
            "date": "2018-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014277"
          },
          {
            "date": "2018-09-19T16:29:00.770000",
            "db": "NVD",
            "id": "CVE-2017-2879"
          },
          {
            "date": "2017-11-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-431"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-34271"
          },
          {
            "date": "2018-11-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111082"
          },
          {
            "date": "2018-11-20T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2879"
          },
          {
            "date": "2018-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014277"
          },
          {
            "date": "2022-06-07T17:21:14.987000",
            "db": "NVD",
            "id": "CVE-2017-2879"
          },
          {
            "date": "2022-07-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-431"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-431"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C1 Indoor HD Camera Application firmware buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014277"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-431"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0740

    Vulnerability from variot - Updated: 2023-12-18 13:18

    An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot. Foscam Opticam i5 There is an input validation vulnerability in the device system firmware and application firmware.Service operation interruption (DoS) There is a possibility of being put into a state. FoscamOpticami5 is an IP camera from Foscom (FOSCAM). This vulnerability could be exploited by an unauthenticated attacker to cause a device reboot

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0740",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 application",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "c2 system",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "opticam i5 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          },
          {
            "model": "opticam i5 system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19079"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19079"
          }
        ]
      },
      "cve": "CVE-2018-19079",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-19079",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-22819",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-129702",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-19079",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19079",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-22819",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-156",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129702",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129702"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19079"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot. Foscam Opticam i5 There is an input validation vulnerability in the device system firmware and application firmware.Service operation interruption (DoS) There is a possibility of being put into a state. FoscamOpticami5 is an IP camera from Foscom (FOSCAM). This vulnerability could be exploited by an unauthenticated attacker to cause a device reboot",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19079"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129702"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19079",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-156",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129702",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129702"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19079"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          }
        ]
      },
      "id": "VAR-201811-0740",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129702"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:18:56.486000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/c2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-862",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129702"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19079"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19079"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19079"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129702"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19079"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129702"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19079"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129702"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "date": "2018-11-07T18:29:06.353000",
            "db": "NVD",
            "id": "CVE-2018-19079"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129702"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "date": "2020-08-24T17:37:01.140000",
            "db": "NVD",
            "id": "CVE-2018-19079"
          },
          {
            "date": "2020-10-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam Opticam i5 Vulnerability related to input verification in device system firmware and application firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0824

    Vulnerability from variot - Updated: 2023-12-18 13:18

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded Ak47@99 password for the factory~ account. Foscam C2 Device and Opticam i5 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). A hard-coded password vulnerability exists in FoscamC2 and Opticami5 devices. The vulnerability stems from the use of hard-coded passwords in the factory account (Ak47@99), which can be exploited by attackers to control devices. An attacker could exploit this vulnerability to take control of the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0824",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19067"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19067"
          }
        ]
      },
      "cve": "CVE-2018-19067",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2018-19067",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-04052",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-129689",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-19067",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19067",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04052",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-144",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129689",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19067",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19067"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19067"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded Ak47@99 password for the factory~ account. Foscam C2 Device and Opticam i5 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). A hard-coded password vulnerability exists in FoscamC2 and Opticami5 devices. The vulnerability stems from the use of hard-coded passwords in the factory account (Ak47@99), which can be exploited by attackers to control devices. An attacker could exploit this vulnerability to take control of the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19067"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19067"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19067",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-144",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129689",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19067",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19067"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19067"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          }
        ]
      },
      "id": "VAR-201811-0824",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129689"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:18:56.388000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/c2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129689"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19067"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19067"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19067"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19067"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19067"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19067"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19067"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129689"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19067"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "date": "2018-11-07T18:29:01.837000",
            "db": "NVD",
            "id": "CVE-2018-19067"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129689"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19067"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "date": "2018-12-11T15:09:24.800000",
            "db": "NVD",
            "id": "CVE-2018-19067"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Vulnerabilities related to the use of hard-coded credentials on devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          }
        ],
        "trust": 0.6
      }
    }