VAR-201706-1125
Vulnerability from variot - Updated: 2022-05-04 09:23Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. The Foscamcamera configuration backup file is hard-coded and protected. The configuration file of the Foscam camera device contains the administrator's password, which can be exported from the device. Although the exported backup file is encrypted, the credentials used for decryption are also hard-coded. If the attacker has analyzed the device and got hard-coded credentials, the administrator's password can be obtained.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-1125",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "c2",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "sab",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "ebode",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "ivue",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "qcam",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "technaxx",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "nexxt",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "ambientcam",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "novodio",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "turbox",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "netis",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "opticam",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "7links",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "thomson",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "chacon",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "opticam i5",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08907"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-08907",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2017-08907",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08907"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. The Foscamcamera configuration backup file is hard-coded and protected. The configuration file of the Foscam camera device contains the administrator\u0027s password, which can be exported from the device. Although the exported backup file is encrypted, the credentials used for decryption are also hard-coded. If the attacker has analyzed the device and got hard-coded credentials, the administrator\u0027s password can be obtained.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08907"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-08907",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08907"
}
]
},
"id": "VAR-201706-1125",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08907"
}
],
"trust": 1.58816287875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08907"
}
]
},
"last_update_date": "2022-05-04T09:23:16.862000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "https://business.f-secure.com/foscam_cameras_and_compromise"
},
{
"trust": 0.6,
"url": "http://images.news.f-secure.com/web/fsecure/%7b43df9e0d-20a8-404a-86d0-70dcca00b6e5%7d_vulnerabilities-in-foscam-ip-cameras_report.pdf?_ga=2.103952768.1877007297.1496980664-1350286355.1496980664"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08907"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-08907"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08907"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08907"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Foscam camera configuration backup file is hardcoded to protect the vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08907"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…