Skip to main content

C1 Indoor Hd Camera Firmware CVE-2017-2829

MEDIUM
Path Traversal (CWE-22)
2017-06-21 talos-cna@cisco.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 21, 2017 - 13:29 cve.org
MEDIUM 6.5

DescriptionCVE.org

An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the application to read a file from disk but a failure to adequately filter characters results in allowing an attacker to specify a file outside of a directory. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

AnalysisAI

An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the application to read a file from disk but a failure to adequately filter characters results in allowing an attacker to specify a file outside of a directory. An attacker can simply send an HTTP request to the device to trigger this vulnerability. Affected products include: Foscam C1 Indoor Hd Camera Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2017-2828 HIGH POC
8.8 Jun 21

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Ca

CVE-2017-2827 HIGH POC
8.8 Jun 21

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Ca

CVE-2017-2831 HIGH POC
7.5 Jun 21

An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Came

CVE-2017-2830 HIGH POC
7.5 Jun 21

An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Came

CVE-2017-2848 HIGH
8.8 Jun 29

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted

CVE-2017-2849 HIGH
8.8 Jun 29

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted

CVE-2017-2847 HIGH
8.8 Jun 29

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted

CVE-2017-2846 HIGH
8.8 Jun 29

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted

CVE-2017-2845 HIGH
8.8 Jun 29

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Ca

CVE-2017-2841 HIGH
8.8 Jun 27

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Ca

CVE-2017-2843 HIGH
8.8 Jun 27

In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafte

CVE-2017-2844 HIGH
8.8 Jun 29

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted

Share

CVE-2017-2829 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy