VAR-201706-1140
Vulnerability from variot - Updated: 2022-05-04 09:47Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. Foscamcamera anonymous ONVIFSetDNS has a remote command injection vulnerability. The Foscam camera device uses the ONVIF protocol interface to allow anonymous access. An unauthenticated attacker can trigger remote command execution through the devicemgmtSetDNS method, and the command is executed as root. This particular vulnerability is very serious because it can be used without any credentials.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-1140",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "c2",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "sab",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "ebode",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "ivue",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "qcam",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "technaxx",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "nexxt",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "ambientcam",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "novodio",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "turbox",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "netis",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "opticam",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "7links",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "thomson",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "chacon",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
},
{
"model": "opticam i5",
"scope": null,
"trust": 0.6,
"vendor": "foscam",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08914"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-08914",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2017-08914",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08914"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. Foscamcamera anonymous ONVIFSetDNS has a remote command injection vulnerability. The Foscam camera device uses the ONVIF protocol interface to allow anonymous access. An unauthenticated attacker can trigger remote command execution through the devicemgmtSetDNS method, and the command is executed as root. This particular vulnerability is very serious because it can be used without any credentials.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08914"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-08914",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08914"
}
]
},
"id": "VAR-201706-1140",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08914"
}
],
"trust": 1.58816287875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08914"
}
]
},
"last_update_date": "2022-05-04T09:47:37.862000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "https://business.f-secure.com/foscam_cameras_and_compromise"
},
{
"trust": 0.6,
"url": "http://images.news.f-secure.com/web/fsecure/%7b43df9e0d-20a8-404a-86d0-70dcca00b6e5%7d_vulnerabilities-in-foscam-ip-cameras_report.pdf?_ga=2.103952768.1877007297.1496980664-1350286355.1496980664"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08914"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-08914"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08914"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08914"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Foscam camera anonymous ONVIF SetDNS remote command injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08914"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…