CVE-2014-1849

Published: May 14, 2014Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server.

Affected (1)

Products: Foscam: Ip Camera Firmware

1 product

Ip Camera Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Foscam Ip Camera Firmware	Version 11.37.2.49

Related CWEs

References (6)

http://blog.shekyan.com/2014/05/cve-2014-1849-foscam-dynamic-dns-predictable-credentials-vulnerability.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2014/May/35

Source: cve@mitre.org

https://github.com/artemharutyunyan/getmecamtool/blob/master/src/dnsmod.c

Source: cve@mitre.org

Exploit

http://blog.shekyan.com/2014/05/cve-2014-1849-foscam-dynamic-dns-predictable-credentials-vulnerability.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2014/May/35

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/artemharutyunyan/getmecamtool/blob/master/src/dnsmod.c

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.