Skip to main content

C1 Indoor Hd Camera Firmware CVE-2017-2843

HIGH
OS Command Injection (CWE-78)
2017-06-27 talos-cna@cisco.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 27, 2017 - 15:29 cve.org
HIGH 8.8

DescriptionCVE.org

In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

AnalysisAI

In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. Affected products include: Foscam C1 Indoor Hd Camera Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2017-2828 HIGH POC
8.8 Jun 21

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Ca

CVE-2017-2827 HIGH POC
8.8 Jun 21

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Ca

CVE-2017-2831 HIGH POC
7.5 Jun 21

An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Came

CVE-2017-2830 HIGH POC
7.5 Jun 21

An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Came

CVE-2017-2829 MEDIUM POC
6.5 Jun 21

An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD

CVE-2017-2848 HIGH
8.8 Jun 29

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted

CVE-2017-2849 HIGH
8.8 Jun 29

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted

CVE-2017-2847 HIGH
8.8 Jun 29

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted

CVE-2017-2846 HIGH
8.8 Jun 29

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted

CVE-2017-2845 HIGH
8.8 Jun 29

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Ca

CVE-2017-2841 HIGH
8.8 Jun 27

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Ca

CVE-2017-2844 HIGH
8.8 Jun 29

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted

Share

CVE-2017-2843 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy