VAR-201706-0439
Vulnerability from variot - Updated: 2025-04-20 23:04Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device. Foscam C1 Indoor HD The camera contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamC1 is a wireless IP camera product from China Foscom (FOSCAM). There is a security vulnerability in FoscamC1 using firmware version 1.9.1.12. Foscam C1 Webcam is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to gain unauthorized access or obtain sensitive information; this may lead to further attacks. ### Tested Versions Foscam C1 Firmware Version 1.9.1.12 ### Product URLs Foscam ### CVSSv3 Score 9.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ### CWE CWE-259: Use of Hard-coded Password ### Details The file found at '/mtd/app/bin/ftpd/pureftpd.passwd' contains the following hash: r:$1$whR6Mhk0$FR1VT/mX5D/qwRsgCkHLO.:1001:1001::/mnt/sd/./:::::::::::: This hash resolves to a simple user/pass combo of 'r:r'. The user/pass of r:r permits anyone to log into a Foscam camera and have full read/write to the mounted Micro-SD card, which contains .avi videos and .jpg snapshots. If the camera has a microphone, the .avi videos will have audio recording as well. An attacker armed with this knowledge can connect remotely to the..
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0439",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "c1 webcam",
"scope": "eq",
"trust": 2.5,
"vendor": "foscam",
"version": "1.9.1.12"
},
{
"model": "c1 indoor hd camera",
"scope": "eq",
"trust": 0.8,
"vendor": "foscam",
"version": "1.9.1.12"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16320"
},
{
"db": "BID",
"id": "99193"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008694"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-936"
},
{
"db": "NVD",
"id": "CVE-2016-8731"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:foscam:c1_indoor_hd_camera_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008694"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Richard Harman and Dave McDaniel of Cisco Talos",
"sources": [
{
"db": "BID",
"id": "99193"
}
],
"trust": 0.3
},
"cve": "CVE-2016-8731",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-8731",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-16320",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-97551",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8731",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8731",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8731",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2016-8731",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-8731",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-16320",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-936",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-97551",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16320"
},
{
"db": "VULHUB",
"id": "VHN-97551"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008694"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-936"
},
{
"db": "NVD",
"id": "CVE-2016-8731"
},
{
"db": "NVD",
"id": "CVE-2016-8731"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device. Foscam C1 Indoor HD The camera contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoscamC1 is a wireless IP camera product from China Foscom (FOSCAM). There is a security vulnerability in FoscamC1 using firmware version 1.9.1.12. Foscam C1 Webcam is prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to gain unauthorized access or obtain sensitive information; this may lead to further attacks. ### Tested Versions Foscam C1 Firmware Version 1.9.1.12 ### Product URLs Foscam ### CVSSv3 Score 9.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ### CWE CWE-259: Use of Hard-coded Password ### Details The file found at \u0027/mtd/app/bin/ftpd/pureftpd.passwd\u0027 contains the following hash: ``` r:$1$whR6Mhk0$FR1VT/mX5D/qwRsgCkHLO.:1001:1001::/mnt/sd/./:::::::::::: ``` This hash resolves to a simple user/pass combo of \u0027r:r\u0027. The user/pass of r:r permits anyone to log into a Foscam camera and have full read/write to the mounted Micro-SD card, which contains .avi videos and .jpg snapshots. If the camera has a microphone, the .avi videos will have audio recording as well. An attacker armed with this knowledge can connect remotely to the..",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8731"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008694"
},
{
"db": "CNVD",
"id": "CNVD-2017-16320"
},
{
"db": "BID",
"id": "99193"
},
{
"db": "VULHUB",
"id": "VHN-97551"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2016-0245",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2016-8731",
"trust": 3.4
},
{
"db": "BID",
"id": "99193",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008694",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-16320",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201706-936",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-96488",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97551",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16320"
},
{
"db": "VULHUB",
"id": "VHN-97551"
},
{
"db": "BID",
"id": "99193"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008694"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-936"
},
{
"db": "NVD",
"id": "CVE-2016-8731"
}
]
},
"id": "VAR-201706-0439",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16320"
},
{
"db": "VULHUB",
"id": "VHN-97551"
}
],
"trust": 1.316071435
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16320"
}
]
},
"last_update_date": "2025-04-20T23:04:56.409000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.foscam.com/"
},
{
"title": "FoscamC1 hardcoded credential authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/98691"
},
{
"title": "Foscam C1 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71159"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16320"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008694"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-936"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97551"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008694"
},
{
"db": "NVD",
"id": "CVE-2016-8731"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2016-0245"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/99193"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8731"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8731"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2016-0245"
},
{
"trust": 0.3,
"url": "http://www.foscam.com/"
},
{
"trust": 0.3,
"url": "https://www.talosintelligence.com/reports/talos-2016-0245/"
},
{
"trust": 0.3,
"url": "http://blog.talosintelligence.com/2017/06/foscam-vuln-details.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16320"
},
{
"db": "VULHUB",
"id": "VHN-97551"
},
{
"db": "BID",
"id": "99193"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008694"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-936"
},
{
"db": "NVD",
"id": "CVE-2016-8731"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-16320"
},
{
"db": "VULHUB",
"id": "VHN-97551"
},
{
"db": "BID",
"id": "99193"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008694"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-936"
},
{
"db": "NVD",
"id": "CVE-2016-8731"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-16320"
},
{
"date": "2017-06-21T00:00:00",
"db": "VULHUB",
"id": "VHN-97551"
},
{
"date": "2017-06-21T00:00:00",
"db": "BID",
"id": "99193"
},
{
"date": "2017-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008694"
},
{
"date": "2017-06-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-936"
},
{
"date": "2017-06-21T19:29:00.197000",
"db": "NVD",
"id": "CVE-2016-8731"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-16320"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-97551"
},
{
"date": "2017-06-21T00:00:00",
"db": "BID",
"id": "99193"
},
{
"date": "2017-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008694"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-936"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8731"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-936"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Foscam C1 Indoor HD Vulnerabilities related to the use of hard-coded credentials in cameras",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008694"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-936"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…