CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2018-19071
https://notcve.org/view.php?id=CVE-2018-19071
07 Nov 2018 — An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up. Se ha descubierto un problema en dispositivos Foscam C2 con firmware del sistema 1.11.1.8 y firmware de aplicación 2.72.1.32, así como dispositivos Opticam i5 con firmware del sistema 1.5.2.11 y fir... • https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2018-19078
https://notcve.org/view.php?id=CVE-2018-19078
07 Nov 2018 — An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password. Se ha descubierto un problema en dispositivos Foscam Opticam i5 con firmware del sistema 1.5.2.11 y firmware de aplicación 2.21.1.128. La respuesta a una petición ONVIF media GetStreamUri contiene el nombre de usuario y la contraseña del administrador. • https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2018-19080
https://notcve.org/view.php?id=CVE-2018-19080
07 Nov 2018 — An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS. Se ha descubierto un problema en dispositivos Foscam Opticam i5 con firmware del sistema 1.5.2.11 y firmware de aplicación 2.21.1.128. El método ONVIF devicemgmt SetHostname permite Cross-Site Scripting (XSS) persistente no autenticado. • https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 1CVE-2018-19069
https://notcve.org/view.php?id=CVE-2018-19069
07 Nov 2018 — An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of toor. Se ha descubierto un problema en dispositivos Foscam C2 con firmware del sistema 1.11.1.8 y firmware de aplicación 2.72.1.32, así como dispositivos Opticam i5 con firmware del sistema 1.5.2.11 y firmware de a... • https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-19065
https://notcve.org/view.php?id=CVE-2018-19065
07 Nov 2018 — An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded BpP+2R9*Q password in some cases. Se ha descubierto un problema en dispositivos Foscam C2 con firmware del sistema 1.11.1.8 y firmware de aplicación 2.72.1.32, así como dispositivos Opticam i5 con firmware del sistema 1.5.2.11 y firmware de apli... • https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-19072
https://notcve.org/view.php?id=CVE-2018-19072
07 Nov 2018 — An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/app has 0777 permissions, allowing local users to replace an archive file (within that directory) to control what is extracted to RAM at boot time. Se ha descubierto un problema en dispositivos Foscam C2 con firmware del sistema 1.11.1.8 y firmware de aplicación 2.72.1.32, así como dispositivos Optica... • https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2018-19076
https://notcve.org/view.php?id=CVE-2018-19076
07 Nov 2018 — An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP). Se ha descubierto un problema en dispositivos Foscam C2 con firmware del sistema 1.11.1.8 y firmware de aplicación 2.72.1.32, así como... • https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2018-19079
https://notcve.org/view.php?id=CVE-2018-19079
07 Nov 2018 — An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot. Se ha descubierto un problema en dispositivos Foscam Opticam i5 con firmware del sistema 1.5.2.11 y firmware de aplicación 2.21.1.128. El método ONVIF devicemgmt SystemReboot permite el reinicio no autenticado. • https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt • CWE-306: Missing Authentication for Critical Function CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 1CVE-2018-19067
https://notcve.org/view.php?id=CVE-2018-19067
07 Nov 2018 — An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded Ak47@99 password for the factory~ account. Se ha descubierto un problema en dispositivos Foscam C2 con firmware del sistema 1.11.1.8 y firmware de aplicación 2.72.1.32, así como dispositivos Opticam i5 con firmware del sistema 1.5.2.11 y firmware de aplicación 2.21.1.128. Hay una contraseñ... • https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 1CVE-2018-19064
https://notcve.org/view.php?id=CVE-2018-19064
07 Nov 2018 — An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed. Se ha descubierto un problema en dispositivos Foscam C2 con firmware del sistema 1.11.1.8 y firmware de aplicación 2.72.1.32, así como dispositivos Opticam i5 con firmware del sistema 1.5.2.11 y firmware de aplicación 2.21.1.128. La cuenta ftp... • https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt • CWE-521: Weak Password Requirements •