CVSS: 10.0EPSS: 9%CPEs: 4EXPL: 1CVE-2019-9117
https://notcve.org/view.php?id=CVE-2019-9117
07 Mar 2019 — An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNetworkTomographySettings API function, as demonstrated... • https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNetworkTomographySettings.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 9%CPEs: 4EXPL: 1CVE-2019-9118
https://notcve.org/view.php?id=CVE-2019-9118
07 Mar 2019 — An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNTPServerSettings API function, as demonstrated by shel... • https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNTPServerSettings.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 9%CPEs: 4EXPL: 1CVE-2019-9119
https://notcve.org/view.php?id=CVE-2019-9119
07 Mar 2019 — An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteSettings API function, as demonstrated by sh... • https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetStaticRouteSettings.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 9%CPEs: 4EXPL: 1CVE-2019-9120
https://notcve.org/view.php?id=CVE-2019-9120
07 Mar 2019 — An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWLanACLSettings API function, as demonstrated by shell ... • https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetWLanACLSettings.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 4%CPEs: 4EXPL: 0CVE-2019-9121
https://notcve.org/view.php?id=CVE-2019-9121
07 Mar 2019 — An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetSmartQoSSettings API function, as demonstrated by shell... • https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetSmartQoSSettings.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2017-2873
https://notcve.org/view.php?id=CVE-2017-2873
19 Sep 2018 — An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. Existe una vulnerabilidad de inyección de comandos en la interfaz de gestión web empleada por Foscam C1... • https://talosintelligence.com/vulnerability_reports/TALOS-2017-0380 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-2876
https://notcve.org/view.php?id=CVE-2017-2876
19 Sep 2018 — An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data. Existe una vulnerabilidad explotable de desbordamiento de búfer en la interfaz Multi-Camera utilizada por los dispositivos Foscam C1 Indoor HD Camera que ejecuten el firmware de aplicación 2.52.2.43. Una petición especialmente manipulada en... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0383 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-2877
https://notcve.org/view.php?id=CVE-2017-2877
19 Sep 2018 — A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the user accounts to factory defaults, without authentication. Falta una comprobación de error en la interfaz Multi-Camera utilizada por los dispositivos Foscam C1 Indoor HD Camera que ejecuten el firmware de aplicación 2.52.2.43. Una petición especialmente manipulada en el puerto 10001 podría perm... • https://talosintelligence.com/vulnerability_reports/TALOS-2017-0384 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 1CVE-2017-2855
https://notcve.org/view.php?id=CVE-2017-2855
19 Sep 2018 — An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. Existe una vulnerabilidad explotable de desbordamiento de búfer en el cliente DDNS utilizado por los dispositivos Foscam C1 Indoor HD Camera que ejecuten el firmware de aplicación 2.52.2.43. En disposi... • https://talosintelligence.com/vulnerability_reports/TALOS-2017-0358 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-2875
https://notcve.org/view.php?id=CVE-2017-2875
19 Sep 2018 — An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data. Existe una vulnerabilidad explotable de desbordamiento de búfer en la interfaz Multi-Camera utilizada por los dispositivos Foscam C1 Indoor HD Camera que ejecuten el firmware de aplicación 2.52.2.43. Una petición especialmente manipulada en... • https://talosintelligence.com/vulnerability_reports/TALOS-2017-0382 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •