var-201703-0744
Vulnerability from variot
A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges. Foscam is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. Both Foscam and Vstarcam IP camera are network camera products. Goahead webserver is one of the cross-platform embedded webserver
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201703-0744", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "goahead", "scope": "eq", "trust": 1.6, "vendor": "embedthis", "version": null }, { "model": "goahead", "scope": null, "trust": 0.8, "vendor": "embedthis", "version": null }, { "model": "foscam", "scope": null, "trust": 0.6, "vendor": "foscam", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-03633" }, { "db": "JVNDB", "id": "JVNDB-2017-002234" }, { "db": "NVD", "id": "CVE-2017-5675" }, { "db": "CNNVD", "id": "CNNVD-201703-532" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:embedthis:goahead:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-5675" } ] }, "cve": "CVE-2017-5675", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2017-5675", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CNVD-2017-03633", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "VHN-113878", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2017-5675", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-5675", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2017-03633", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201703-532", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-113878", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-03633" }, { "db": "VULHUB", "id": "VHN-113878" }, { "db": "JVNDB", "id": "JVNDB-2017-002234" }, { "db": "NVD", "id": "CVE-2017-5675" }, { "db": "CNNVD", "id": "CNNVD-201703-532" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges. Foscam is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. Both Foscam and Vstarcam IP camera are network camera products. Goahead webserver is one of the cross-platform embedded webserver", "sources": [ { "db": "NVD", "id": "CVE-2017-5675" }, { "db": "JVNDB", "id": "JVNDB-2017-002234" }, { "db": "CNVD", "id": "CNVD-2017-03633" }, { "db": "VULHUB", "id": "VHN-113878" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-5675", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2017-002234", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201703-532", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2017-03633", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-113878", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-03633" }, { "db": "VULHUB", "id": "VHN-113878" }, { "db": "JVNDB", "id": "JVNDB-2017-002234" }, { "db": "NVD", "id": "CVE-2017-5675" }, { "db": "CNNVD", "id": "CNNVD-201703-532" } ] }, "id": "VAR-201703-0744", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2017-03633" }, { "db": "VULHUB", "id": "VHN-113878" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-03633" } ] }, "last_update_date": "2023-12-18T13:34:18.865000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://embedthis.com/goahead/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-002234" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-77", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-113878" }, { "db": "JVNDB", "id": "JVNDB-2017-002234" }, { "db": "NVD", "id": "CVE-2017-5675" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://www.cybereason.com/cve-ip-cameras/" }, { "trust": 2.5, "url": "https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5675" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5675" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-03633" }, { "db": "VULHUB", "id": "VHN-113878" }, { "db": "JVNDB", "id": "JVNDB-2017-002234" }, { "db": "NVD", "id": "CVE-2017-5675" }, { "db": "CNNVD", "id": "CNNVD-201703-532" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2017-03633" }, { "db": "VULHUB", "id": "VHN-113878" }, { "db": "JVNDB", "id": "JVNDB-2017-002234" }, { "db": "NVD", "id": "CVE-2017-5675" }, { "db": "CNNVD", "id": "CNNVD-201703-532" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-03-29T00:00:00", "db": "CNVD", "id": "CNVD-2017-03633" }, { "date": "2017-03-13T00:00:00", "db": "VULHUB", "id": "VHN-113878" }, { "date": "2017-04-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-002234" }, { "date": "2017-03-13T06:59:00.417000", "db": "NVD", "id": "CVE-2017-5675" }, { "date": "2017-03-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201703-532" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-03-29T00:00:00", "db": "CNVD", "id": "CNVD-2017-03633" }, { "date": "2017-03-15T00:00:00", "db": "VULHUB", "id": "VHN-113878" }, { "date": "2017-04-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-002234" }, { "date": "2017-03-15T17:11:08.363000", "db": "NVD", "id": "CVE-2017-5675" }, { "date": "2017-03-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201703-532" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201703-532" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Foscam Such as white label IP For custom builds used in camera models GoAhead Web Command injection vulnerability in the server", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-002234" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201703-532" } ], "trust": 0.6 } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.