Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
32 vulnerabilities found for c1_indoor_hd_camera_firmware by foscam
CVE-2017-2851 (GCVE-0-2017-2851)
Vulnerability from nvd – Published: 2017-06-29 17:00 – Updated: 2024-09-16 23:06
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.
Severity ?
7.5 (High)
CWE
- remote code execution
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99190",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99190"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:28.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99190",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99190"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99190"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0353",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2851",
"datePublished": "2017-06-29T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:06:35.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2850 (GCVE-0-2017-2850)
Vulnerability from nvd – Published: 2017-06-29 17:00 – Updated: 2024-09-17 00:01
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- password injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0352"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "password injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:26.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0352"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "password injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0352",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0352"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2850",
"datePublished": "2017-06-29T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:01:46.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2849 (GCVE-0-2017-2849)
Vulnerability from nvd – Published: 2017-06-29 17:00 – Updated: 2024-09-16 19:46
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0351"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:25.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0351"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0351",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0351"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2849",
"datePublished": "2017-06-29T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:46:08.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2848 (GCVE-0-2017-2848)
Vulnerability from nvd – Published: 2017-06-29 17:00 – Updated: 2024-09-16 20:11
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0350"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:24.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0350"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0350",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0350"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2848",
"datePublished": "2017-06-29T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:11:21.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2847 (GCVE-0-2017-2847)
Vulnerability from nvd – Published: 2017-06-29 17:00 – Updated: 2024-09-16 23:36
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0349"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:23.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0349"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0349",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0349"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2847",
"datePublished": "2017-06-29T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:36:23.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2846 (GCVE-0-2017-2846)
Vulnerability from nvd – Published: 2017-06-29 17:00 – Updated: 2024-09-16 19:41
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:21.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0348"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0348",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0348"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2846",
"datePublished": "2017-06-29T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:41:13.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2845 (GCVE-0-2017-2845)
Vulnerability from nvd – Published: 2017-06-29 17:00 – Updated: 2024-09-16 20:26
VLAI?
Summary
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0347"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:20.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0347"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution"
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0347",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0347"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2845",
"datePublished": "2017-06-29T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:26:21.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2844 (GCVE-0-2017-2844)
Vulnerability from nvd – Published: 2017-06-29 17:00 – Updated: 2024-09-16 19:00
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0346"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:18.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0346"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0346",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0346"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2844",
"datePublished": "2017-06-29T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:00:30.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2843 (GCVE-0-2017-2843)
Vulnerability from nvd – Published: 2017-06-27 15:00 – Updated: 2024-08-05 14:09
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0345"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:17.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0345"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0345",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0345"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2843",
"datePublished": "2017-06-27T15:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:09:17.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2842 (GCVE-0-2017-2842)
Vulnerability from nvd – Published: 2017-06-27 15:00 – Updated: 2024-08-05 14:09
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:16.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0344"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0344",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0344"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2842",
"datePublished": "2017-06-27T15:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:09:17.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2841 (GCVE-0-2017-2841)
Vulnerability from nvd – Published: 2017-06-27 15:00 – Updated: 2024-08-05 14:09
VLAI?
Summary
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0343"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:14.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0343"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0343",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0343"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2841",
"datePublished": "2017-06-27T15:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:09:16.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2831 (GCVE-0-2017-2831)
Vulnerability from nvd – Published: 2017-06-21 13:00 – Updated: 2024-08-05 14:09
VLAI?
Summary
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
9.1 (Critical)
CWE
- buffer overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99190",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99190"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0332"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:00.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99190",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99190"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0332"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.1,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99190"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0332",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0332"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2831",
"datePublished": "2017-06-21T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:09:16.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2830 (GCVE-0-2017-2830)
Vulnerability from nvd – Published: 2017-06-21 13:00 – Updated: 2024-08-05 14:09
VLAI?
Summary
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.1 (High)
CWE
- buffer overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99190",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99190"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0331"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:22:59.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99190",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99190"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0331"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99190"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0331",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0331"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2830",
"datePublished": "2017-06-21T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:09:17.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2829 (GCVE-0-2017-2829)
Vulnerability from nvd – Published: 2017-06-21 13:00 – Updated: 2024-08-05 14:09
VLAI?
Summary
An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the application to read a file from disk but a failure to adequately filter characters results in allowing an attacker to specify a file outside of a directory. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
7.7 (High)
CWE
- directory traversal vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99250",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99250"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0330"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the application to read a file from disk but a failure to adequately filter characters results in allowing an attacker to specify a file outside of a directory. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "directory traversal vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:22:58.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99250",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99250"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0330"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the application to read a file from disk but a failure to adequately filter characters results in allowing an attacker to specify a file outside of a directory. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.7,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "directory traversal vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99250"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0330",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0330"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2829",
"datePublished": "2017-06-21T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:09:16.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2828 (GCVE-0-2017-2828)
Vulnerability from nvd – Published: 2017-06-21 13:00 – Updated: 2024-08-05 14:09
VLAI?
Summary
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:22:56.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0329",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2828",
"datePublished": "2017-06-21T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:09:16.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2827 (GCVE-0-2017-2827)
Vulnerability from nvd – Published: 2017-06-21 13:00 – Updated: 2024-08-05 14:09
VLAI?
Summary
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0328"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:22:55.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0328"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0328",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0328"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2827",
"datePublished": "2017-06-21T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:09:16.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2849 (GCVE-0-2017-2849)
Vulnerability from cvelistv5 – Published: 2017-06-29 17:00 – Updated: 2024-09-16 19:46
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0351"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:25.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0351"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0351",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0351"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2849",
"datePublished": "2017-06-29T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:46:08.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2851 (GCVE-0-2017-2851)
Vulnerability from cvelistv5 – Published: 2017-06-29 17:00 – Updated: 2024-09-16 23:06
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.
Severity ?
7.5 (High)
CWE
- remote code execution
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99190",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99190"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:28.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99190",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99190"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99190"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0353",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2851",
"datePublished": "2017-06-29T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:06:35.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2847 (GCVE-0-2017-2847)
Vulnerability from cvelistv5 – Published: 2017-06-29 17:00 – Updated: 2024-09-16 23:36
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0349"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:23.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0349"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0349",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0349"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2847",
"datePublished": "2017-06-29T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:36:23.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2848 (GCVE-0-2017-2848)
Vulnerability from cvelistv5 – Published: 2017-06-29 17:00 – Updated: 2024-09-16 20:11
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0350"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:24.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0350"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0350",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0350"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2848",
"datePublished": "2017-06-29T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:11:21.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2846 (GCVE-0-2017-2846)
Vulnerability from cvelistv5 – Published: 2017-06-29 17:00 – Updated: 2024-09-16 19:41
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:21.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0348"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0348",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0348"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2846",
"datePublished": "2017-06-29T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:41:13.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2850 (GCVE-0-2017-2850)
Vulnerability from cvelistv5 – Published: 2017-06-29 17:00 – Updated: 2024-09-17 00:01
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- password injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0352"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "password injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:26.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0352"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "password injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0352",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0352"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2850",
"datePublished": "2017-06-29T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:01:46.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2845 (GCVE-0-2017-2845)
Vulnerability from cvelistv5 – Published: 2017-06-29 17:00 – Updated: 2024-09-16 20:26
VLAI?
Summary
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0347"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:20.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0347"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution"
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0347",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0347"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2845",
"datePublished": "2017-06-29T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:26:21.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2844 (GCVE-0-2017-2844)
Vulnerability from cvelistv5 – Published: 2017-06-29 17:00 – Updated: 2024-09-16 19:00
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0346"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:18.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0346"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0346",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0346"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2844",
"datePublished": "2017-06-29T17:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:00:30.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2842 (GCVE-0-2017-2842)
Vulnerability from cvelistv5 – Published: 2017-06-27 15:00 – Updated: 2024-08-05 14:09
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:16.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0344"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0344",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0344"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2842",
"datePublished": "2017-06-27T15:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:09:17.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2843 (GCVE-0-2017-2843)
Vulnerability from cvelistv5 – Published: 2017-06-27 15:00 – Updated: 2024-08-05 14:09
VLAI?
Summary
In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0345"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:17.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0345"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0345",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0345"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2843",
"datePublished": "2017-06-27T15:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:09:17.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2841 (GCVE-0-2017-2841)
Vulnerability from cvelistv5 – Published: 2017-06-27 15:00 – Updated: 2024-08-05 14:09
VLAI?
Summary
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0343"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:14.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0343"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0343",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0343"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2841",
"datePublished": "2017-06-27T15:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:09:16.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2831 (GCVE-0-2017-2831)
Vulnerability from cvelistv5 – Published: 2017-06-21 13:00 – Updated: 2024-08-05 14:09
VLAI?
Summary
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
9.1 (Critical)
CWE
- buffer overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99190",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99190"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0332"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:00.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99190",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99190"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0332"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.1,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99190"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0332",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0332"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2831",
"datePublished": "2017-06-21T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:09:16.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2828 (GCVE-0-2017-2828)
Vulnerability from cvelistv5 – Published: 2017-06-21 13:00 – Updated: 2024-08-05 14:09
VLAI?
Summary
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:22:56.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0329",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2828",
"datePublished": "2017-06-21T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:09:16.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2827 (GCVE-0-2017-2827)
Vulnerability from cvelistv5 – Published: 2017-06-21 13:00 – Updated: 2024-08-05 14:09
VLAI?
Summary
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- command injection vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Foscam | Indoor IP Camera C1 Series |
Affected:
n/a
|
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0328"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Indoor IP Camera C1 Series",
"vendor": "Foscam",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:22:55.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "99184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0328"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0328",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0328"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2827",
"datePublished": "2017-06-21T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:09:16.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}