FKIE_CVE-2017-7648

Vulnerability from fkie_nvd - Published: 2017-04-10 19:59 - Updated: 2025-04-20 01:37
Severity ?
8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
References
cve@mitre.orghttp://www.securityfocus.com/archive/1/540388/30/0/threadedThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/540388/30/0/threadedThird Party Advisory, VDB Entry
Impacted products
Vendor Product Version
foscam c1 *
foscam c1_lite *
foscam c2 *
foscam fi9800xe *
foscam fi9826p *
foscam fi9828p *
foscam fi9851p *
foscam fi9853ep *
foscam fi9901ep *
foscam fi9903p *
foscam fi9928p *
foscam r2 *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:foscam:c1:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7389DE9-CA20-4C78-8995-283B62F1EFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:foscam:c1_lite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E397A2B-A359-47F7-8511-46C9A4AB6138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:foscam:c2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CD4E331-F8EC-4101-9CC2-024F45091F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:foscam:fi9800xe:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C61FCA92-292C-4727-8202-CC9C8CD81135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:foscam:fi9826p:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F594F134-C17D-4F36-8CA3-989BA1B593AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:foscam:fi9828p:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43490AF6-018A-4ADA-854E-BF39DD88E4F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:foscam:fi9851p:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39B496E3-56E0-4231-B4EB-5EB515637C37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:foscam:fi9853ep:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DABEEE8-9E5C-49A9-A2EC-D9E2968161B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:foscam:fi9901ep:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC1DF418-B1A9-46B6-91DD-C2C440016573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:foscam:fi9903p:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBE30F1-F107-46D8-8B60-AE8A515CD566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:foscam:fi9928p:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF0BB89-28F3-404B-BFBC-5DBAF4043721",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:foscam:r2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "329EDF7D-0031-430B-9B86-2092CAAAA0B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Foscam networked devices use the same hardcoded SSL private key across different customers\u0027 installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."
    },
    {
      "lang": "es",
      "value": "Los dispositivos en red de Foscam usan la misma clave privada SSL codificada en las diferentes instalaciones de los clientes, lo que permite a los atacantes remotos derrotar los mecanismos de protecci\u00f3n criptogr\u00e1fica aprovechando el conocimiento de esta clave desde otra instalaci\u00f3n."
    }
  ],
  "id": "CVE-2017-7648",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-10T19:59:00.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/540388/30/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/540388/30/0/threaded"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.