CVE-2018-19063

Published: Nov 7, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password.

Affected (4)

Products: Opticam: I5 Application Firmware, I5 System Firmware · Foscam: C2 Application Firmware, C2 System Firmware

Opticam

2 products

I5 Application Firmware

I5 System Firmware

Foscam

2 products

C2 Application Firmware

C2 System Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Opticam I5 Application Firmware	Version 2.21.1.128
Opticam I5 System Firmware	Version 1.5.2.11

Running on/with	Platform Versions
Opticam I5	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Foscam C2 Application Firmware	Version 2.72.1.32
Foscam C2 System Firmware	Version 1.11.1.8

Running on/with	Platform Versions
Foscam C2	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt

Source: cve@mitre.org

ExploitThird Party Advisory

https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.