VAR-201706-1123

Vulnerability from variot - Updated: 2022-05-04 10:08

The Foscam camera is a webcam that can push messages to mobile phones and store video directly in Baidu cloud storage over Wi-Fi. There is a configuration error in the Foscam camera firewall. The device has a firewall function, but the firewall only restricts access to the web user interface (ports 80 and 443), so an IP address denied by the firewall can still reach other services, such as ONVIF (port 888), FTP (port 50021), RTSP (port 65534), and telnet (port 23). In addition, when a request is rejected by the firewall, the response differs depending on whether the supplied credentials are valid: invalid credentials return an error-2 error and valid credentials return an error-8 error. As a result, credentials can still be enumerated by brute force even when the firewall is enabled. The device firewall therefore should not be treated as the only access control in front of these services.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-1123",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "c2",
        "scope": null,
        "trust": 0.6,
        "vendor": "foscam",
        "version": null
      },
      {
        "model": "sab",
        "scope": null,
        "trust": 0.6,
        "vendor": "foscam",
        "version": null
      },
      {
        "model": "ebode",
        "scope": null,
        "trust": 0.6,
        "vendor": "foscam",
        "version": null
      },
      {
        "model": "ivue",
        "scope": null,
        "trust": 0.6,
        "vendor": "foscam",
        "version": null
      },
      {
        "model": "qcam",
        "scope": null,
        "trust": 0.6,
        "vendor": "foscam",
        "version": null
      },
      {
        "model": "technaxx",
        "scope": null,
        "trust": 0.6,
        "vendor": "foscam",
        "version": null
      },
      {
        "model": "nexxt",
        "scope": null,
        "trust": 0.6,
        "vendor": "foscam",
        "version": null
      },
      {
        "model": "ambientcam",
        "scope": null,
        "trust": 0.6,
        "vendor": "foscam",
        "version": null
      },
      {
        "model": "novodio",
        "scope": null,
        "trust": 0.6,
        "vendor": "foscam",
        "version": null
      },
      {
        "model": "turbox",
        "scope": null,
        "trust": 0.6,
        "vendor": "foscam",
        "version": null
      },
      {
        "model": "netis",
        "scope": null,
        "trust": 0.6,
        "vendor": "foscam",
        "version": null
      },
      {
        "model": "opticam",
        "scope": null,
        "trust": 0.6,
        "vendor": "foscam",
        "version": null
      },
      {
        "model": "7links",
        "scope": null,
        "trust": 0.6,
        "vendor": "foscam",
        "version": null
      },
      {
        "model": "thomson",
        "scope": null,
        "trust": 0.6,
        "vendor": "foscam",
        "version": null
      },
      {
        "model": "chacon",
        "scope": null,
        "trust": 0.6,
        "vendor": "foscam",
        "version": null
      },
      {
        "model": "opticam i5",
        "scope": null,
        "trust": 0.6,
        "vendor": "foscam",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-08906"
      }
    ]
  },
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-08906",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "CNVD",
            "id": "CNVD-2017-08906",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-08906"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. There is a configuration error in the Foscamcamera firewall. The Foscam camera device has a firewall function, but the firewall only restricts access to the web user interface (ports 80 and 443), and the IP address denied by the firewall can still access other services, such as ONVIF. (888 ports), FTP (50021 ports), RTSP (65534 ports), and telnet (23 ports). In the case that the request is rejected by the firewall, the firewall will return different results for the validity of the credential, the invalid credential will return an error-2 error, and the valid credential will return an error-8 error, so even if there is a firewall, the user can The voucher is violently enumerated.",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-08906"
      }
    ],
    "trust": 0.6
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-08906",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-08906"
      }
    ]
  },
  "id": "VAR-201706-1123",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-08906"
      }
    ],
    "trust": 1.58816287875
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-08906"
      }
    ]
  },
  "last_update_date": "2022-05-04T10:08:40.774000Z",
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.6,
        "url": "https://business.f-secure.com/foscam_cameras_and_compromise"
      },
      {
        "trust": 0.6,
        "url": "http://images.news.f-secure.com/web/fsecure/%7b43df9e0d-20a8-404a-86d0-70dcca00b6e5%7d_vulnerabilities-in-foscam-ip-cameras_report.pdf?_ga=2.103952768.1877007297.1496980664-1350286355.1496980664"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-08906"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-08906"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-08906"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-08906"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Foscam camera firewall configuration error vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-08906"
      }
    ],
    "trust": 0.6
  }
}

