CVE-2014-1911
https://notcve.org/view.php?id=CVE-2014-1911
The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitive video and image data via a blank username and password. • http://foscam.us/forum/mjpeg-54-firmware-bug-user-logon-bypass-t8442.html http://www.kb.cert.org/vuls/id/525132 • CWE-287: Improper Authentication
CVE-2013-5215 – FOSCAM Wireless IP Camera Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-5215
Cross-site scripting (XSS) vulnerability in the web interface "WiFi scan" option in FOSCAM Wireless IP Cameras allows remote attackers to inject arbitrary web script or HTML via the SSID. FOSCAM Wireless IP Camera suffers from a cross site scripting vulnerability. • http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0046.html http://osvdb.org/99550 http://packetstormsecurity.com/files/123943/FOSCAM-Wireless-IP-Camera-Cross-Site-Scripting.html http://secunia.com/advisories/55080 https://exchange.xforce.ibmcloud.com/vulnerabilities/88629 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-2574 – FOSCAM IP-Cameras - Improper Access Restrictions
https://notcve.org/view.php?id=CVE-2013-2574
An access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information. • https://www.exploit-db.com/exploits/27076 http://www.coresecurity.com/advisories/foscam-ip-cameras-improper-access-restrictions http://www.exploit-db.com/exploits/27076 http://www.securityfocus.com/bid/61415 https://exchange.xforce.ibmcloud.com/vulnerabilities/85941 https://packetstormsecurity.com/files/cve/CVE-2013-2574 • CWE-863: Incorrect Authorization
CVE-2013-2560 – Foscam < 11.37.2.49 - Directory Traversal
https://notcve.org/view.php?id=CVE-2013-2560
Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials. Foscam firmware versions 11.37.2.48 and below suffer from a path traversal vulnerability. • https://www.exploit-db.com/exploits/38356 http://archives.neohapsis.com/archives/bugtraq/2013-03/0080.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-3002
https://notcve.org/view.php?id=CVE-2012-3002
The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL. • http://foscam.us/forum/h264-ip-camera-web-interface-authentication-bypass-test-tool-t3252.html http://secunia.com/advisories/50950 http://secunia.com/advisories/50966 http://www.foscam.com/help.aspx?TypeId=11 http://www.kb.cert.org/vuls/id/265532 http://www.securityfocus.com/bid/55873 • CWE-287: Improper Authentication