Skip to main content

C1 Indoor Hd Camera Firmware CVE-2017-2831

HIGH
Classic Buffer Overflow (CWE-120)
2017-06-21 talos-cna@cisco.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 21, 2017 - 13:29 cve.org
HIGH 7.5

DescriptionCVE.org

An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

AnalysisAI

An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability. Affected products include: Foscam C1 Indoor Hd Camera Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

CVE-2017-2828 HIGH POC
8.8 Jun 21

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Ca

CVE-2017-2827 HIGH POC
8.8 Jun 21

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Ca

CVE-2017-2830 HIGH POC
7.5 Jun 21

An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Came

CVE-2017-2829 MEDIUM POC
6.5 Jun 21

An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD

CVE-2017-2848 HIGH
8.8 Jun 29

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted

CVE-2017-2849 HIGH
8.8 Jun 29

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted

CVE-2017-2847 HIGH
8.8 Jun 29

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted

CVE-2017-2846 HIGH
8.8 Jun 29

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted

CVE-2017-2845 HIGH
8.8 Jun 29

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Ca

CVE-2017-2841 HIGH
8.8 Jun 27

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Ca

CVE-2017-2843 HIGH
8.8 Jun 27

In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafte

CVE-2017-2844 HIGH
8.8 Jun 29

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted

Share

CVE-2017-2831 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy