CVE-2017-5674

Published: Mar 13, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) request that will disclose the configuration file with the login password.

Affected (1)

Products: Embedthis: Goahead

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Embedthis Goahead	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://www.cybereason.com/cve-ip-cameras/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://www.cybereason.com/cve-ip-cameras/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.