CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description (NVD)
Foscam VD1 Video Doorbell before V5.3.13_1072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol (SDP), including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can intercept these credentials to hijack media streams or authenticate to Foscam's TURN/relay infrastructure to forward arbitrary traffic at the vendor's expense.
Analysis (AI)
Cleartext transmission in Foscam VD1 Video Doorbell (firmware before V5.3.13_1072) exposes Session Description Protocol (SDP) credentials and ICE candidates over unencrypted network channels. An on-path attacker can intercept media stream authentication tokens, hijack real-time video/audio feeds, and abuse Foscam's TURN relay infrastructure for unauthorized traffic routing. The EPSS score of 0.02% (5th percentile) suggests a low likelihood of widespread exploitation, though the network-accessible attack vector (AV:N), with no authentication requirement (PR:N) and low complexity (AC:L), creates risk in residential deployments where LAN or ISP-level interception is feasible.
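To confirm whether a device on your own network still exposes this material, a payload extracted from a packet capture can be checked for readable SDP ICE attributes. The sketch below is an added example, not code from the advisory or from Foscam; the function names and the sample payload are constructed, and it assumes the payload bytes were already pulled from a capture with another tool.

```python
import re

# SDP attributes (RFC 8839) that carry ICE credentials or candidates.
_ATTR = re.compile(rb"^a=(ice-ufrag|ice-pwd|candidate):(.*)$", re.MULTILINE)

def _redact(value: str) -> str:
    """Keep two characters for triage and mask the rest."""
    return value[:2] + "*" * max(len(value) - 2, 0)

def find_cleartext_ice(payload: bytes) -> dict:
    """Report ICE material that is readable in an unencrypted payload."""
    report = {"ufrag": [], "pwd": [], "candidate_types": [], "exposed": False}
    for name, raw in _ATTR.findall(payload):
        value = raw.strip().decode("ascii", "replace")
        if name == b"ice-ufrag":
            report["ufrag"].append(_redact(value))
        elif name == b"ice-pwd":
            report["pwd"].append(_redact(value))
        else:
            # candidate:<foundation> <component> <transport> <priority>
            #           <address> <port> typ <type> ...
            fields = value.split()
            if "typ" in fields[:-1]:
                report["candidate_types"].append(fields[fields.index("typ") + 1])
    # A readable ufrag/pwd pair is the credential exposure the advisory describes.
    report["exposed"] = bool(report["ufrag"] and report["pwd"])
    return report

# Constructed sample payload (documentation addresses, made-up credentials).
SAMPLE = (
    b"v=0\r\n"
    b"o=- 0 0 IN IP4 192.0.2.10\r\n"
    b"s=-\r\n"
    b"t=0 0\r\n"
    b"m=video 9 UDP/TLS/RTP/SAVPF 96\r\n"
    b"a=ice-ufrag:EXMP\r\n"
    b"a=ice-pwd:EXAMPLEexampleEXAMPLE0001\r\n"
    b"a=candidate:1 1 udp 2130706431 192.0.2.10 50000 typ host\r\n"
    b"a=candidate:2 1 udp 16777215 198.51.100.7 3478 typ relay"
    b" raddr 192.0.2.10 rport 50000\r\n"
)

if __name__ == "__main__":
    print(find_cleartext_ice(SAMPLE))
```

An `exposed` result of `True` on traffic from a doorbell means the signalling is still readable on the wire and the firmware should be checked against V5.3.13_1072.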
EUVD-2026-30372
GHSA-hj3c-m4r3-m5fj