Vulnerability CVE-2018-19081


Published: 2018-11-07

Description:
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field.

Type:

CWE-78

(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Opticam -> I5 application firmware 
Opticam -> I5 system firmware 
Foscam -> C2 application firmware 
Foscam -> C2 system firmware 

 References:
https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt

Copyright 2024, cxsecurity.com

 

Back to Top