CVE-2017-7648

Published: Apr 10, 2017Modified: May 13, 2026

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

Affected (12)

Products: Foscam: C1, C1 Lite, C2, Fi9800xe, Fi9826p, Fi9828p, Fi9851p, Fi9853ep, Fi9901ep, Fi9903p, Fi9928p, R2

12 products

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Foscam C1	All versions
Foscam C1 Lite	All versions
Foscam C2	All versions
Foscam Fi9800xe	All versions
Foscam Fi9826p	All versions
Foscam Fi9828p	All versions
Foscam Fi9851p	All versions
Foscam Fi9853ep	All versions
Foscam Fi9901ep	All versions
Foscam Fi9903p	All versions
Foscam Fi9928p	All versions
Foscam R2	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

http://www.securityfocus.com/archive/1/540388/30/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/540388/30/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.