CVE-2018-19068 - An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application F

CVE-2018-19068

Summary

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials.

References

https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt

Vulnerable Configurations

cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*
cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*
cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*
cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*
cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*
cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*
cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*
cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*
cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*
cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*
cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*
cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:P/A:N

refmap via4

misc

https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt

Last major update

03-10-2019 - 00:03

Published

07-11-2018 - 18:29

Last modified

03-10-2019 - 00:03