cnvd - cnvd-2017-34264

CNVD-2017-34264

Vulnerability from cnvd - Published: 2017-11-17

Title

Foscam IP Video Camera远程代码执行漏洞

Description

Foscam C1 Indoor HD Camera是中国福斯康姆（Foscam）公司的一款无线高清IP摄像机。 Foscam C1 Indoor HD Camera中的recovery procedure存在远程代码执行漏洞，该漏洞源于程序未能充分的执行安全监测。攻击者可借助特制的图像利用该漏洞执行固件升级。

Severity

高

Patch Name

Foscam IP Video Camera远程代码执行漏洞的补丁

Patch Description

Foscam C1 Indoor HD Camera是中国福斯康姆（Foscam）公司的一款无线高清IP摄像机。 Foscam C1 Indoor HD Camera中的recovery procedure存在远程代码执行漏洞，该漏洞源于程序未能充分的执行安全监测。攻击者可借助特制的图像利用该漏洞执行固件升级。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.foscam.com/downloads/index.html

Reference

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379

Impacted products

Name
['Foscam System Firmware 1.9.3.18', 'Foscam Indoor IP Camera C1 Plug-In 3.3.0.26', 'Foscam Indoor IP Camera C1 Application Firmware 2.52.2.43']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2872"
    }
  },
  "description": "Foscam C1 Indoor HD Camera\u662f\u4e2d\u56fd\u798f\u65af\u5eb7\u59c6\uff08Foscam\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u9ad8\u6e05IP\u6444\u50cf\u673a\u3002\r\n\r\nFoscam C1 Indoor HD Camera\u4e2d\u7684recovery procedure\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u6267\u884c\u5b89\u5168\u76d1\u6d4b\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u56fe\u50cf\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u56fa\u4ef6\u5347\u7ea7\u3002",
  "discovererName": "Claudio Bozzato of Cisco Talos.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.foscam.com/downloads/index.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34264",
  "openTime": "2017-11-17",
  "patchDescription": "Foscam C1 Indoor HD Camera\u662f\u4e2d\u56fd\u798f\u65af\u5eb7\u59c6\uff08Foscam\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u9ad8\u6e05IP\u6444\u50cf\u673a\u3002\r\n\r\nFoscam C1 Indoor HD Camera\u4e2d\u7684recovery procedure\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u6267\u884c\u5b89\u5168\u76d1\u6d4b\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u56fe\u50cf\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u56fa\u4ef6\u5347\u7ea7\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Foscam IP Video Camera\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Foscam System Firmware 1.9.3.18",
      "Foscam Indoor IP Camera C1 Plug-In 3.3.0.26",
      "Foscam Indoor IP Camera C1 Application Firmware 2.52.2.43"
    ]
  },
  "referenceLink": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-15",
  "title": "Foscam IP Video Camera\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2017-2872 (GCVE-0-2017-2872)

Vulnerability from cvelistv5 – Published: 2018-09-17 20:00 – Updated: 2024-09-16 18:43

Summary

Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges.

Severity ?

9.9 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

Improper Authentication

Assigner

talos

References

URL

Tags

https://www.talosintelligence.com/vulnerability_r…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Foscam	Foscam Indoor IP Camera C1 Series	Affected: System Firmware Version: 1.9.3.18,Application Firmware Version: 2.52.2.43,Plug-In Version: 3.3.0.26

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:09:17.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Foscam Indoor IP Camera C1 Series",
          "vendor": "Foscam",
          "versions": [
            {
              "status": "affected",
              "version": "System Firmware Version: 1.9.3.18,Application Firmware Version: 2.52.2.43,Plug-In Version: 3.3.0.26"
            }
          ]
        }
      ],
      "datePublic": "2017-11-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Authentication",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T18:23:54",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "DATE_PUBLIC": "2017-11-13T00:00:00",
          "ID": "CVE-2017-2872",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Foscam Indoor IP Camera C1 Series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "System Firmware Version: 1.9.3.18,Application Firmware Version: 2.52.2.43,Plug-In Version: 3.3.0.26"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Foscam"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 9.9,
            "baseSeverity": "Critical",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379",
              "refsource": "MISC",
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2017-2872",
    "datePublished": "2018-09-17T20:00:00Z",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-09-16T18:43:19.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-34264

CVE-2017-2872 (GCVE-0-2017-2872)

Tags

Sightings

Nomenclature