Search

Find a vulnerability

Search criteria

    20 vulnerabilities by opticam

    VAR-201811-0737

    Vulnerability from variot - Updated: 2024-11-23 23:11

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP). Foscam C2 Device and Opticam i5 The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). A violent authentication attack vulnerability exists in the FoscamC2 and Opticami5 devices, which can be exploited by remote attackers to enforce brute force attacks. Security vulnerabilities exist in Foscam C2 and Opticam i5 devices

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0737",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19076"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          }
        ]
      },
      "cve": "CVE-2018-19076",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19076",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-04042",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-129699",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19076",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19076",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19076",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04042",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-153",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129699",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19076"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP). Foscam C2 Device and Opticam i5 The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). A violent authentication attack vulnerability exists in the FoscamC2 and Opticami5 devices, which can be exploited by remote attackers to enforce brute force attacks. Security vulnerabilities exist in Foscam C2 and Opticam i5 devices",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19076"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129699"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19076",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-153",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129699",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19076"
          }
        ]
      },
      "id": "VAR-201811-0737",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129699"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:11:58.160000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19076"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19076"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19076"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19076"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19076"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129699"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          },
          {
            "date": "2018-11-07T18:29:05.070000",
            "db": "NVD",
            "id": "CVE-2018-19076"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04042"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129699"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          },
          {
            "date": "2024-11-21T03:57:17.287000",
            "db": "NVD",
            "id": "CVE-2018-19076"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Authentication vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011672"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-153"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0821

    Vulnerability from variot - Updated: 2024-11-23 23:11

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed. Foscam C2 Device and Opticam i5 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An encryption vulnerability exists in the FoscamC2 and Opticami5 devices. The vulnerability stems from the use of a null password (not modifiable) on the ftpuser1 account, which an attacker can use to control the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0821",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19064"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          }
        ]
      },
      "cve": "CVE-2018-19064",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19064",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-04048",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-129686",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19064",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19064",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19064",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04048",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-141",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129686",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19064",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129686"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19064"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed. Foscam C2 Device and Opticam i5 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An encryption vulnerability exists in the FoscamC2 and Opticami5 devices. The vulnerability stems from the use of a null password (not modifiable) on the ftpuser1 account, which an attacker can use to control the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129686"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19064"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19064",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-141",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129686",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19064",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129686"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19064"
          }
        ]
      },
      "id": "VAR-201811-0821",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129686"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:11:57.987000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-521",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129686"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19064"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19064"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19064"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/521.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129686"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19064"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129686"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19064"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129686"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19064"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          },
          {
            "date": "2018-11-07T18:29:00.803000",
            "db": "NVD",
            "id": "CVE-2018-19064"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04048"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129686"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19064"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          },
          {
            "date": "2024-11-21T03:57:15.433000",
            "db": "NVD",
            "id": "CVE-2018-19064"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Vulnerabilities related to certificate and password management in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011649"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-141"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0732

    Vulnerability from variot - Updated: 2024-11-23 23:08

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up. Foscam C2 Device and Opticam i5 Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). Security vulnerabilities exist in Foscam C2 and Opticam i5 devices

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0732",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19071"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          }
        ]
      },
      "cve": "CVE-2018-19071",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19071",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2019-04050",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-129694",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-19071",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19071",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19071",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04050",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-148",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129694",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19071",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129694"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19071"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up. Foscam C2 Device and Opticam i5 Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). Security vulnerabilities exist in Foscam C2 and Opticam i5 devices",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129694"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19071"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19071",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-148",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129694",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19071",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129694"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19071"
          }
        ]
      },
      "id": "VAR-201811-0732",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129694"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:08:32.904000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-732",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19071"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19071"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19071"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/732.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129694"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19071"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129694"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19071"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129694"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19071"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          },
          {
            "date": "2018-11-07T18:29:03.397000",
            "db": "NVD",
            "id": "CVE-2018-19071"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04050"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129694"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19071"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          },
          {
            "date": "2024-11-21T03:57:16.513000",
            "db": "NVD",
            "id": "CVE-2018-19071"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Vulnerabilities related to authorization, authority, and access control in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011690"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-148"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0731

    Vulnerability from variot - Updated: 2024-11-23 23:04

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action. Foscam C2 Device and Opticam i5 The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An operating system command injection vulnerability exists in the FoscamC2 and Opticami5 devices. Security vulnerabilities exist in Foscam C2 and Opticam i5 devices

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0731",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19070"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          }
        ]
      },
      "cve": "CVE-2018-19070",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2018-19070",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2019-04051",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-129693",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2018-19070",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19070",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19070",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04051",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-147",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129693",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19070"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action. Foscam C2 Device and Opticam i5 The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An operating system command injection vulnerability exists in the FoscamC2 and Opticami5 devices. Security vulnerabilities exist in Foscam C2 and Opticam i5 devices",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19070"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129693"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19070",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-147",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129693",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19070"
          }
        ]
      },
      "id": "VAR-201811-0731",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129693"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:04:56.264000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19070"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19070"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19070"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19070"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19070"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129693"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          },
          {
            "date": "2018-11-07T18:29:02.773000",
            "db": "NVD",
            "id": "CVE-2018-19070"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04051"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129693"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          },
          {
            "date": "2024-11-21T03:57:16.350000",
            "db": "NVD",
            "id": "CVE-2018-19070"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 In the device  OS Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011691"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-147"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0740

    Vulnerability from variot - Updated: 2024-11-23 23:01

    An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot. Foscam Opticam i5 There is an input validation vulnerability in the device system firmware and application firmware.Service operation interruption (DoS) There is a possibility of being put into a state. FoscamOpticami5 is an IP camera from Foscom (FOSCAM). This vulnerability could be exploited by an unauthenticated attacker to cause a device reboot

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0740",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 application",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "c2 system",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "opticam i5 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          },
          {
            "model": "opticam i5 system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19079"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          }
        ]
      },
      "cve": "CVE-2018-19079",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19079",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-22819",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-129702",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19079",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19079",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19079",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-22819",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-156",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129702",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129702"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19079"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot. Foscam Opticam i5 There is an input validation vulnerability in the device system firmware and application firmware.Service operation interruption (DoS) There is a possibility of being put into a state. FoscamOpticami5 is an IP camera from Foscom (FOSCAM). This vulnerability could be exploited by an unauthenticated attacker to cause a device reboot",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19079"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129702"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19079",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-156",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129702",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129702"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19079"
          }
        ]
      },
      "id": "VAR-201811-0740",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129702"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:01:59.062000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-862",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129702"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19079"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19079"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19079"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129702"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19079"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129702"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19079"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129702"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          },
          {
            "date": "2018-11-07T18:29:06.353000",
            "db": "NVD",
            "id": "CVE-2018-19079"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22819"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129702"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          },
          {
            "date": "2020-10-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          },
          {
            "date": "2024-11-21T03:57:17.780000",
            "db": "NVD",
            "id": "CVE-2018-19079"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam Opticam i5 Vulnerability related to input verification in device system firmware and application firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011914"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-156"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0824

    Vulnerability from variot - Updated: 2024-11-23 23:01

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded Ak47@99 password for the factory~ account. Foscam C2 Device and Opticam i5 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). A hard-coded password vulnerability exists in FoscamC2 and Opticami5 devices. The vulnerability stems from the use of hard-coded passwords in the factory account (Ak47@99), which can be exploited by attackers to control devices. An attacker could exploit this vulnerability to take control of the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0824",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19067"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          }
        ]
      },
      "cve": "CVE-2018-19067",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19067",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-04052",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-129689",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19067",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19067",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19067",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04052",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-144",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129689",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19067",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19067"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19067"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded Ak47@99 password for the factory~ account. Foscam C2 Device and Opticam i5 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). A hard-coded password vulnerability exists in FoscamC2 and Opticami5 devices. The vulnerability stems from the use of hard-coded passwords in the factory account (Ak47@99), which can be exploited by attackers to control devices. An attacker could exploit this vulnerability to take control of the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19067"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19067"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19067",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-144",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129689",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19067",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19067"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19067"
          }
        ]
      },
      "id": "VAR-201811-0824",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129689"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:01:58.960000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129689"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19067"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19067"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19067"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19067"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19067"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19067"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19067"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129689"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19067"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          },
          {
            "date": "2018-11-07T18:29:01.837000",
            "db": "NVD",
            "id": "CVE-2018-19067"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04052"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129689"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19067"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          },
          {
            "date": "2024-11-21T03:57:15.880000",
            "db": "NVD",
            "id": "CVE-2018-19067"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Vulnerabilities related to the use of hard-coded credentials on devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011652"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-144"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0743

    Vulnerability from variot - Updated: 2024-11-23 22:55

    An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to conduct stack-based buffer overflow attacks via the IPv4Address field. Foscam Opticam i5 A buffer error vulnerability exists in the device system firmware and application firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamOpticami5 is an IP camera from Foscom (FOSCAM)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0743",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 application",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "c2 system",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "opticam i5 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          },
          {
            "model": "opticam i5 system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22822"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011910"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-159"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19082"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011910"
          }
        ]
      },
      "cve": "CVE-2018-19082",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19082",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2018-22822",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-129706",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19082",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19082",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19082",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-22822",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-159",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129706",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22822"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129706"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011910"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-159"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19082"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to conduct stack-based buffer overflow attacks via the IPv4Address field. Foscam Opticam i5 A buffer error vulnerability exists in the device system firmware and application firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamOpticami5 is an IP camera from Foscom (FOSCAM)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19082"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011910"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22822"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129706"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19082",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011910",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-159",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22822",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129706",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22822"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129706"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011910"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-159"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19082"
          }
        ]
      },
      "id": "VAR-201811-0743",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22822"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129706"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22822"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:55:42.335000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011910"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129706"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011910"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19082"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19082"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19082"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22822"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129706"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011910"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-159"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19082"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22822"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129706"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011910"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-159"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19082"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22822"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129706"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011910"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-159"
          },
          {
            "date": "2018-11-07T18:29:07.727000",
            "db": "NVD",
            "id": "CVE-2018-19082"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22822"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129706"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011910"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-159"
          },
          {
            "date": "2024-11-21T03:57:18.253000",
            "db": "NVD",
            "id": "CVE-2018-19082"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-159"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam Opticam i5 Buffer error vulnerability in device system firmware and application firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011910"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-159"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0735

    Vulnerability from variot - Updated: 2024-11-23 22:41

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall has no effect except for blocking port 443 and partially blocking port 88. Foscam C2 Device and Opticam i5 The device contains an access control vulnerability.Information may be tampered with. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). A firewall invalidation vulnerability exists in the FoscamC2 and Opticami5 devices. The vulnerability stems from the firewall blocking only ports 443 and 88, which can be exploited by remote attackers to control devices

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0735",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04044"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011687"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-151"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19074"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011687"
          }
        ]
      },
      "cve": "CVE-2018-19074",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19074",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-04044",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-129697",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19074",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19074",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19074",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04044",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-151",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129697",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04044"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129697"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011687"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-151"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19074"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall has no effect except for blocking port 443 and partially blocking port 88. Foscam C2 Device and Opticam i5 The device contains an access control vulnerability.Information may be tampered with. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). A firewall invalidation vulnerability exists in the FoscamC2 and Opticami5 devices. The vulnerability stems from the firewall blocking only ports 443 and 88, which can be exploited by remote attackers to control devices",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011687"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04044"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129697"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19074",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011687",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-151",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04044",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129697",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04044"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129697"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011687"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-151"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19074"
          }
        ]
      },
      "id": "VAR-201811-0735",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04044"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129697"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04044"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:41:39.013000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011687"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129697"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011687"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19074"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19074"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19074"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04044"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129697"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011687"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-151"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19074"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04044"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129697"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011687"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-151"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19074"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04044"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129697"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011687"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-151"
          },
          {
            "date": "2018-11-07T18:29:04.303000",
            "db": "NVD",
            "id": "CVE-2018-19074"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04044"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129697"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011687"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-151"
          },
          {
            "date": "2024-11-21T03:57:16.977000",
            "db": "NVD",
            "id": "CVE-2018-19074"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-151"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Device access control vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011687"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-151"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0741

    Vulnerability from variot - Updated: 2024-11-23 22:38

    An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS. FoscamOpticami5 is an IP camera from Foscom (FOSCAM). An unauthenticated attacker can exploit this vulnerability for cross-site scripting attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0741",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 application",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "c2 system",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "opticam i5 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          },
          {
            "model": "opticam i5 system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19080"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          }
        ]
      },
      "cve": "CVE-2018-19080",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-19080",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2018-22820",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-129704",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-19080",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19080",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19080",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-22820",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-157",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129704",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19080"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS. FoscamOpticami5 is an IP camera from Foscom (FOSCAM). An unauthenticated attacker can exploit this vulnerability for cross-site scripting attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19080"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129704"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19080",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129704",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19080"
          }
        ]
      },
      "id": "VAR-201811-0741",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129704"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:38:01.678000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19080"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19080"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19080"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19080"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19080"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129704"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          },
          {
            "date": "2018-11-07T18:29:06.807000",
            "db": "NVD",
            "id": "CVE-2018-19080"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129704"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011908"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          },
          {
            "date": "2024-11-21T03:57:17.940000",
            "db": "NVD",
            "id": "CVE-2018-19080"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam Opticam i5 Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22820"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-157"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0825

    Vulnerability from variot - Updated: 2024-11-23 22:37

    An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials. FoscamOptiCami5 is an IP camera from China Foscam. There are security vulnerabilities in FoscamOpticami5deviceswithSystemFirmware1.5.2.11 and ApplicationFirmware2.21.1.128. An attacker could exploit this vulnerability to control the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0825",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 application",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "c2 system",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "opticam i5 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          },
          {
            "model": "opticam i5 system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19068"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          }
        ]
      },
      "cve": "CVE-2018-19068",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2018-19068",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-22816",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "VHN-129690",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.2,
                "id": "CVE-2018-19068",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19068",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19068",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-22816",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-145",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129690",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129690"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19068"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials. FoscamOptiCami5 is an IP camera from China Foscam. There are security vulnerabilities in FoscamOpticami5deviceswithSystemFirmware1.5.2.11 and ApplicationFirmware2.21.1.128. An attacker could exploit this vulnerability to control the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19068"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129690"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19068",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-145",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129690",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129690"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19068"
          }
        ]
      },
      "id": "VAR-201811-0825",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129690"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:37:58.017000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-254",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129690"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19068"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19068"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19068"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129690"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19068"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129690"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19068"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129690"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          },
          {
            "date": "2018-11-07T18:29:02.100000",
            "db": "NVD",
            "id": "CVE-2018-19068"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22816"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129690"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          },
          {
            "date": "2024-11-21T03:57:16.030000",
            "db": "NVD",
            "id": "CVE-2018-19068"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam Opticam i5 Vulnerabilities related to security functions in device system firmware and application firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011913"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-145"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0733

    Vulnerability from variot - Updated: 2024-11-23 22:30

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/app has 0777 permissions, allowing local users to replace an archive file (within that directory) to control what is extracted to RAM at boot time. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An archive file replacement vulnerability exists in FoscamC2 and Opticami5 devices that can be exploited by local attackers to replace archived files

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0733",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19072"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          }
        ]
      },
      "cve": "CVE-2018-19072",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19072",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2019-04046",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "VHN-129695",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-19072",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19072",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19072",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04046",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-149",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129695",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19072"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/app has 0777 permissions, allowing local users to replace an archive file (within that directory) to control what is extracted to RAM at boot time. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An archive file replacement vulnerability exists in FoscamC2 and Opticami5 devices that can be exploited by local attackers to replace archived files",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129695"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19072",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-149",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129695",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19072"
          }
        ]
      },
      "id": "VAR-201811-0733",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129695"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:30:11.210000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-732",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19072"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19072"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19072"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19072"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19072"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129695"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          },
          {
            "date": "2018-11-07T18:29:03.697000",
            "db": "NVD",
            "id": "CVE-2018-19072"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04046"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129695"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          },
          {
            "date": "2024-11-21T03:57:16.663000",
            "db": "NVD",
            "id": "CVE-2018-19072"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Vulnerabilities related to authorization, authority, and access control in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011689"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-149"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0738

    Vulnerability from variot - Updated: 2024-11-23 22:26

    An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. RtspServer allows remote attackers to cause a denial of service (daemon hang or restart) via a negative integer in the RTSP Content-Length header. FoscamOpticami5 is an IP camera from Foscom (FOSCAM)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0738",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 application",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "c2 system",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "opticam i5 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          },
          {
            "model": "opticam i5 system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19077"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          }
        ]
      },
      "cve": "CVE-2018-19077",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19077",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-22817",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-129700",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19077",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19077",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19077",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-22817",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-154",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129700",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19077",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129700"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19077"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. RtspServer allows remote attackers to cause a denial of service (daemon hang or restart) via a negative integer in the RTSP Content-Length header. FoscamOpticami5 is an IP camera from Foscom (FOSCAM)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129700"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19077"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19077",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-154",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129700",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19077",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129700"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19077"
          }
        ]
      },
      "id": "VAR-201811-0738",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129700"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:26:06.942000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          },
          {
            "title": "https://github.com/Samsung/cotopaxi",
            "trust": 0.1,
            "url": "https://github.com/Samsung/cotopaxi "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-19077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129700"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19077"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19077"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19077"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/125.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/samsung/cotopaxi"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129700"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19077"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129700"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19077"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129700"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19077"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          },
          {
            "date": "2018-11-07T18:29:05.383000",
            "db": "NVD",
            "id": "CVE-2018-19077"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22817"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129700"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19077"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          },
          {
            "date": "2024-11-21T03:57:17.447000",
            "db": "NVD",
            "id": "CVE-2018-19077"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam Opticam i5 Out-of-bounds reading vulnerability in device system firmware and application firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011912"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-154"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0820

    Vulnerability from variot - Updated: 2024-11-23 22:26

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password. Foscam C2 Devices and Opticam i5 The device is vulnerable to the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). The vulnerability stems from the use of a null password in the admin account, which an attacker can use to control the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0820",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19063"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          }
        ]
      },
      "cve": "CVE-2018-19063",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19063",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-04049",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-129685",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19063",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19063",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19063",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04049",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-140",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129685",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19063",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129685"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19063"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19063"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password. Foscam C2 Devices and Opticam i5 The device is vulnerable to the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). The vulnerability stems from the use of a null password in the admin account, which an attacker can use to control the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19063"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129685"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19063"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19063",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-140",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129685",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19063",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129685"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19063"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19063"
          }
        ]
      },
      "id": "VAR-201811-0820",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129685"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:26:06.867000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19063"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19063"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19063"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129685"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19063"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19063"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129685"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19063"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19063"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129685"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19063"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          },
          {
            "date": "2018-11-07T18:29:00.523000",
            "db": "NVD",
            "id": "CVE-2018-19063"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04049"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129685"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19063"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          },
          {
            "date": "2024-11-21T03:57:15.283000",
            "db": "NVD",
            "id": "CVE-2018-19063"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Devices and  Opticam i5 Vulnerability in using hard-coded credentials on device",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011648"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-140"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0739

    Vulnerability from variot - Updated: 2024-11-23 22:17

    An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password. Foscam Opticam i5 There are vulnerabilities related to certificate and password management in the system firmware and application firmware of devices.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamOpticami5 is an IP camera from Foscom (FOSCAM)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0739",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 application",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "c2 system",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "opticam i5 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          },
          {
            "model": "opticam i5 system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19078"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          }
        ]
      },
      "cve": "CVE-2018-19078",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19078",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-22818",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-129701",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19078",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19078",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19078",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-22818",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-155",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129701",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19078"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password. Foscam Opticam i5 There are vulnerabilities related to certificate and password management in the system firmware and application firmware of devices.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamOpticami5 is an IP camera from Foscom (FOSCAM)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19078"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129701"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19078",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-155",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129701",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19078"
          }
        ]
      },
      "id": "VAR-201811-0739",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129701"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:17:15.431000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-522",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19078"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19078"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19078"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19078"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19078"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129701"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          },
          {
            "date": "2018-11-07T18:29:05.853000",
            "db": "NVD",
            "id": "CVE-2018-19078"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22818"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129701"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          },
          {
            "date": "2024-11-21T03:57:17.623000",
            "db": "NVD",
            "id": "CVE-2018-19078"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam Opticam i5 Vulnerabilities related to certificate and password management in device system firmware and application firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011911"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-155"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0823

    Vulnerability from variot - Updated: 2024-11-23 22:17

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded Pxift password in some cases. Foscam C2 Device and Opticam i5 The device contains a vulnerability related to the use of hard-coded credentials.Information may be obtained. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An information disclosure vulnerability exists in the FoscamC2 and Opticami5 devices that originated from the configuration backup file using a hard-coded password (Pxift) that an attacker could use to control the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0823",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19066"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          }
        ]
      },
      "cve": "CVE-2018-19066",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19066",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-04053",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-129688",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19066",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19066",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19066",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04053",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-143",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129688",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19066"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded Pxift* password in some cases. Foscam C2 Device and Opticam i5 The device contains a vulnerability related to the use of hard-coded credentials.Information may be obtained. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An information disclosure vulnerability exists in the FoscamC2 and Opticami5 devices that originated from the configuration backup file using a hard-coded password (Pxift*) that an attacker could use to control the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19066"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129688"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19066",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-143",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129688",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19066"
          }
        ]
      },
      "id": "VAR-201811-0823",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129688"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:17:15.338000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19066"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19066"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19066"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19066"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19066"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129688"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          },
          {
            "date": "2018-11-07T18:29:01.570000",
            "db": "NVD",
            "id": "CVE-2018-19066"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04053"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129688"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          },
          {
            "date": "2024-11-21T03:57:15.730000",
            "db": "NVD",
            "id": "CVE-2018-19066"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Vulnerabilities related to the use of hard-coded credentials on devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011651"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-143"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0736

    Vulnerability from variot - Updated: 2024-11-23 22:12

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall feature makes it easier for remote attackers to ascertain credentials and firewall rules because invalid credentials lead to error -2, whereas rule-based blocking leads to error -8. Foscam C2 Device and Opticam i5 The device contains an information disclosure vulnerability.Information may be obtained. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0736",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19075"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          }
        ]
      },
      "cve": "CVE-2018-19075",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19075",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-04043",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-129698",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19075",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19075",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19075",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04043",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-152",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129698",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129698"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19075"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall feature makes it easier for remote attackers to ascertain credentials and firewall rules because invalid credentials lead to error -2, whereas rule-based blocking leads to error -8. Foscam C2 Device and Opticam i5 The device contains an information disclosure vulnerability.Information may be obtained. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19075"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129698"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19075",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-152",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129698",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129698"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19075"
          }
        ]
      },
      "id": "VAR-201811-0736",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129698"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:12:13.427000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129698"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19075"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19075"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19075"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129698"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19075"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129698"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19075"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129698"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          },
          {
            "date": "2018-11-07T18:29:04.697000",
            "db": "NVD",
            "id": "CVE-2018-19075"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04043"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129698"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          },
          {
            "date": "2024-11-21T03:57:17.123000",
            "db": "NVD",
            "id": "CVE-2018-19075"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Information disclosure vulnerability in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011673"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-152"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0822

    Vulnerability from variot - Updated: 2024-11-23 22:12

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded BpP+2R9*Q password in some cases. Foscam C2 Device and Opticam i5 The device contains a vulnerability related to the use of hard-coded credentials.Information may be obtained. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An information disclosure vulnerability exists in the FoscamC2 and Opticami5 devices

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0822",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04054"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-142"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19065"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011650"
          }
        ]
      },
      "cve": "CVE-2018-19065",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19065",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-04054",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-129687",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19065",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19065",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19065",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04054",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-142",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129687",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04054"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-142"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19065"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded BpP+2R9*Q password in some cases. Foscam C2 Device and Opticam i5 The device contains a vulnerability related to the use of hard-coded credentials.Information may be obtained. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). An information disclosure vulnerability exists in the FoscamC2 and Opticami5 devices",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19065"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011650"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04054"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129687"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19065",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011650",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-142",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04054",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129687",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04054"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-142"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19065"
          }
        ]
      },
      "id": "VAR-201811-0822",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04054"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129687"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04054"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:12:13.012000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011650"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011650"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19065"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19065"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19065"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04054"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-142"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19065"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04054"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-142"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19065"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04054"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129687"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011650"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-142"
          },
          {
            "date": "2018-11-07T18:29:01.180000",
            "db": "NVD",
            "id": "CVE-2018-19065"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04054"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129687"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011650"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-142"
          },
          {
            "date": "2024-11-21T03:57:15.583000",
            "db": "NVD",
            "id": "CVE-2018-19065"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-142"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Vulnerabilities related to the use of hard-coded credentials on devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011650"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-142"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0742

    Vulnerability from variot - Updated: 2024-11-23 22:06

    An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field. Foscam Opticam i5 Device system firmware and application firmware include OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamOpticami5 is an IP camera from Foscom (FOSCAM)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0742",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 application",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "c2 system",
            "scope": null,
            "trust": 0.8,
            "vendor": "foscam",
            "version": null
          },
          {
            "model": "opticam i5 application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          },
          {
            "model": "opticam i5 system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22821"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011909"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-158"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19081"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011909"
          }
        ]
      },
      "cve": "CVE-2018-19081",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19081",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-22821",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-129705",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19081",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19081",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19081",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-22821",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-158",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129705",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19081",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22821"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129705"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19081"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011909"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-158"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19081"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field. Foscam Opticam i5 Device system firmware and application firmware include OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamOpticami5 is an IP camera from Foscom (FOSCAM)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19081"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011909"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22821"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129705"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19081"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19081",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011909",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-158",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22821",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129705",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19081",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22821"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129705"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19081"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011909"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-158"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19081"
          }
        ]
      },
      "id": "VAR-201811-0742",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22821"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129705"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22821"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:06:28.111000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011909"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129705"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011909"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19081"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19081"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19081"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22821"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129705"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19081"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011909"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-158"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19081"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22821"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129705"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19081"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011909"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-158"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19081"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22821"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129705"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19081"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011909"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-158"
          },
          {
            "date": "2018-11-07T18:29:07.337000",
            "db": "NVD",
            "id": "CVE-2018-19081"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22821"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129705"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19081"
          },
          {
            "date": "2019-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011909"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-158"
          },
          {
            "date": "2024-11-21T03:57:18.090000",
            "db": "NVD",
            "id": "CVE-2018-19081"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-158"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam Opticam i5 In the system firmware and application firmware of the device  OS Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011909"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-158"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0826

    Vulnerability from variot - Updated: 2024-11-23 22:06

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of toor. Foscam C2 Device and Opticam i5 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). There are security vulnerabilities in the FoscamC2 and Opticami5 devices that an attacker can use to control the telnetd service by sending a specially crafted HTTP request. Security vulnerabilities exist in Foscam C2 and Opticam i5 devices

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0826",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-146"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19069"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011653"
          }
        ]
      },
      "cve": "CVE-2018-19069",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19069",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-04047",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-129691",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19069",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19069",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19069",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04047",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-146",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129691",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19069",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04047"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129691"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-146"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19069"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of toor. Foscam C2 Device and Opticam i5 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Foscam C2 and Opticami 5 are network camera products from China Foscom (FOSCAM). There are security vulnerabilities in the FoscamC2 and Opticami5 devices that an attacker can use to control the telnetd service by sending a specially crafted HTTP request. Security vulnerabilities exist in Foscam C2 and Opticam i5 devices",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011653"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04047"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129691"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19069"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19069",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011653",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-146",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04047",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129691",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19069",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04047"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129691"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-146"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19069"
          }
        ]
      },
      "id": "VAR-201811-0826",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04047"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129691"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04047"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:06:28.033000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011653"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129691"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011653"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19069"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19069"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19069"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04047"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129691"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-146"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19069"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04047"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129691"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-146"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19069"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04047"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129691"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19069"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011653"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-146"
          },
          {
            "date": "2018-11-07T18:29:02.367000",
            "db": "NVD",
            "id": "CVE-2018-19069"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04047"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129691"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19069"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011653"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-146"
          },
          {
            "date": "2024-11-21T03:57:16.190000",
            "db": "NVD",
            "id": "CVE-2018-19069"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-146"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 Device and  Opticam i5 Vulnerabilities related to the use of hard-coded credentials on devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011653"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-146"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0734

    Vulnerability from variot - Updated: 2024-11-23 21:52

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access. Foscam C2 Device and Opticam i5 The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Foscam C2 and Opticam i5 are both IP camera products of China Foscam

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0734",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "i5 application",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "2.21.1.128"
          },
          {
            "model": "i5 system",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "opticam",
            "version": "1.5.2.11"
          },
          {
            "model": "c2 application",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 system",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "c2 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.72.1.32"
          },
          {
            "model": "c2 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.11.1.8"
          },
          {
            "model": "opticam i5 devices with application",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "2.21.1.128"
          },
          {
            "model": "opticam i5 devices with system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "foscam",
            "version": "1.5.2.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19073"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:foscam:c2_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_application_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:opticam:i5_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          }
        ]
      },
      "cve": "CVE-2018-19073",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2018-19073",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2019-04045",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-129696",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2018-19073",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19073",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19073",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04045",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-150",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129696",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19073"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access. Foscam C2 Device and Opticam i5 The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Foscam C2 and Opticam i5 are both IP camera products of China Foscam",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19073"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129696"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19073",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-129696",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19073"
          }
        ]
      },
      "id": "VAR-201811-0734",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129696"
          }
        ],
        "trust": 1.66666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:52:39.246000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "C2",
            "trust": 0.8,
            "url": "https://www.foscam.com/C2.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19073"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19073"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19073"
          },
          {
            "trust": 0.8,
            "url": "https://www.verkkokauppa.com/fi/product/52328/fcqxq/opticam-i5-hd-ip-kamera"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19073"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19073"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "date": "2018-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129696"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          },
          {
            "date": "2018-11-07T18:29:03.930000",
            "db": "NVD",
            "id": "CVE-2018-19073"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "date": "2018-12-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129696"
          },
          {
            "date": "2019-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011688"
          },
          {
            "date": "2018-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          },
          {
            "date": "2024-11-21T03:57:16.820000",
            "db": "NVD",
            "id": "CVE-2018-19073"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Foscam C2 and Opticam i5 Operating System Command Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-150"
          }
        ],
        "trust": 0.6
      }
    }