CVE-2012-3002

Published: Dec 21, 2012Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL.

Affected (2)

Products: Foscam: H.264 Hi3510/11/12 Ip Camera · Wansview: H.264 Hi3510/11/12 Ip Camera

Foscam

1 product

H.264 Hi3510/11/12 Ip Camera

Wansview

1 product

H.264 Hi3510/11/12 Ip Camera

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Foscam H.264 Hi3510/11/12 Ip Camera	All versions
Wansview H.264 Hi3510/11/12 Ip Camera	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (12)

http://foscam.us/forum/h264-ip-camera-web-interface-authentication-bypass-test-tool-t3252.html

Source: cret@cert.org

http://secunia.com/advisories/50950

Source: cret@cert.org

http://secunia.com/advisories/50966

Source: cret@cert.org

http://www.foscam.com/help.aspx?TypeId=11

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/265532

Source: cret@cert.org

US Government Resource

http://www.securityfocus.com/bid/55873

Source: cret@cert.org

http://foscam.us/forum/h264-ip-camera-web-interface-authentication-bypass-test-tool-t3252.html