Foscam

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-1849 1Foscam 1Ip Camera Firmware May 6, 2026 May 14, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras a...Show more Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server.Show less
CVE-2014-1911 1Foscam 2Fi8919w Fi8919w Firmware May 6, 2026 Mar 6, 2014 N/A· v4 N/A· v3 7.8 HIGH· v2 The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitive video and image data via a blank username and password.
CVE-2013-5215 1Foscam 1Wireless Ip Camera Apr 29, 2026 Nov 20, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the web interface "WiFi scan" option in FOSCAM Wireless IP Cameras allows remote attackers to inject arbitrary web script or HTML via the SSID.
CVE-2013-2560 1Foscam 1Fi8919w Apr 29, 2026 Mar 15, 2013 N/A· v4 N/A· v3 7.8 HIGH· v2 Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) w...Show more Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.Show less
CVE-2012-3002 2Foscam Wansview 2H.264 Hi3510/11/12 Ip Camera H.264 Hi3510/11/12 Ip Camera Apr 29, 2026 Dec 21, 2012 N/A· v4 N/A· v3 10.0 HIGH· v2 The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL.

Previous 1 2 34