Ip Camera Firmware
CVE-2014-1849
CRITICAL
Severity by source
AV:N/AC:L/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server.
AnalysisAI
Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.1%.
Technical ContextAI
This vulnerability is classified under CWE-255. Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server. Affected products include: Foscam Ip Camera Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Ip Camera Firmware
View allBuffer overflow in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to execute arbitra
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated att
Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Rated high severity (CVSS 8.8), this vulnerabi
Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers
Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker
An issue was discovered on Netwave IP Camera devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exp
Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attacke
Same weakness CWE-255 – Credentials Management Errors
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today