cnvd - cnvd-2017-34260

CNVD-2017-34260

Vulnerability from cnvd - Published: 2017-11-17

Title

Foscam C1 Indoor HD Camera DDNS客户端缓冲区溢出漏洞

Description

Foscam C1 Indoor HD Camera是中国福斯康姆（Foscam）公司的一款无线高清IP摄像机。DDNS client是其中的一个动态域名服务客户端。 Foscam C1 Indoor HD Camera中的DDNS客户端存在缓冲区溢出漏洞。当DDNS被打开时，攻击者可通过创建恶意的HTTP服务器利用该漏洞控制设备。

Severity

高

Patch Name

Foscam C1 Indoor HD Camera DDNS客户端缓冲区溢出漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.foscam.com/downloads/index.html

Reference

https://www.talosintelligence.com/reports/TALOS-2017-0357/

Impacted products

Name
['Foscam System Firmware 1.9.3.18', 'Foscam Indoor IP Camera C1 Plug-In 3.3.0.26', 'Foscam Indoor IP Camera C1 Application Firmware 2.52.2.43']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2854"
    }
  },
  "description": "Foscam C1 Indoor HD Camera\u662f\u4e2d\u56fd\u798f\u65af\u5eb7\u59c6\uff08Foscam\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u9ad8\u6e05IP\u6444\u50cf\u673a\u3002DDNS client\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u52a8\u6001\u57df\u540d\u670d\u52a1\u5ba2\u6237\u7aef\u3002\r\n\r\nFoscam C1 Indoor HD Camera\u4e2d\u7684DDNS\u5ba2\u6237\u7aef\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5f53DDNS\u88ab\u6253\u5f00\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u521b\u5efa\u6076\u610f\u7684HTTP\u670d\u52a1\u5668\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u8bbe\u5907\u3002",
  "discovererName": "Claudio Bozzato and another member of Cisco Talos.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.foscam.com/downloads/index.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34260",
  "openTime": "2017-11-17",
  "patchDescription": "Foscam C1 Indoor HD Camera\u662f\u4e2d\u56fd\u798f\u65af\u5eb7\u59c6\uff08Foscam\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u9ad8\u6e05IP\u6444\u50cf\u673a\u3002DDNS client\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u52a8\u6001\u57df\u540d\u670d\u52a1\u5ba2\u6237\u7aef\u3002\r\n\r\nFoscam C1 Indoor HD Camera\u4e2d\u7684DDNS\u5ba2\u6237\u7aef\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5f53DDNS\u88ab\u6253\u5f00\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u521b\u5efa\u6076\u610f\u7684HTTP\u670d\u52a1\u5668\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u8bbe\u5907\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Foscam C1 Indoor HD Camera DDNS\u5ba2\u6237\u7aef\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Foscam System Firmware 1.9.3.18",
      "Foscam Indoor IP Camera C1 Plug-In 3.3.0.26",
      "Foscam Indoor IP Camera C1 Application Firmware 2.52.2.43"
    ]
  },
  "referenceLink": "https://www.talosintelligence.com/reports/TALOS-2017-0357/",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-15",
  "title": "Foscam C1 Indoor HD Camera DDNS\u5ba2\u6237\u7aef\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2017-2854 (GCVE-0-2017-2854)

Vulnerability from cvelistv5 – Published: 2018-09-17 20:00 – Updated: 2024-09-17 04:20

Summary

An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.

Severity ?

8.1 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

buffer overflow

Assigner

talos

References

URL

Tags

https://www.talosintelligence.com/vulnerability_r…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Foscam	Foscam Indoor IP Camera C1 Series	Affected: System Firmware Version: 1.9.3.18,Application Firmware Version: 2.52.2.43,Plug-In Version: 3.3.0.26

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:09:16.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0357"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Foscam Indoor IP Camera C1 Series",
          "vendor": "Foscam",
          "versions": [
            {
              "status": "affected",
              "version": "System Firmware Version: 1.9.3.18,Application Firmware Version: 2.52.2.43,Plug-In Version: 3.3.0.26"
            }
          ]
        }
      ],
      "datePublic": "2017-11-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "buffer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T18:23:32",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0357"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "DATE_PUBLIC": "2017-11-13T00:00:00",
          "ID": "CVE-2017-2854",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Foscam Indoor IP Camera C1 Series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "System Firmware Version: 1.9.3.18,Application Firmware Version: 2.52.2.43,Plug-In Version: 3.3.0.26"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Foscam"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 8.1,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "buffer overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0357",
              "refsource": "MISC",
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0357"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2017-2854",
    "datePublished": "2018-09-17T20:00:00Z",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-09-17T04:20:34.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-34260

CVE-2017-2854 (GCVE-0-2017-2854)

Tags

Sightings

Nomenclature