CVE-2022-28743
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Foscam R2C IP camera running System FW <= 1.13.1.6, and Application FW <= 2.91.2.66, allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions. With root access to the camera's Linux OS, an attacker could effectively change the code that is running, add backdoor access, or invade the privacy of the user by accessing the live camera stream.
Timeline
- 2022-04-06 CVE Reserved
- 2022-04-21 CVE Published
- 2024-07-13 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
References (1)
URL | Tag | Source |
---|---|---|
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/keeping-a-critical-eye-on-iot-devices.html | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | In (Vendor, Product) | Status |
---|---|---|---|---|---|---|
Foscam | R2c Application Firmware | <= 2.91.2.66 | - | Affected | Foscam R2c | Safe |
Foscam | R2c System Firmware | <= 1.13.1.6 | - | Affected | Foscam R2c | Safe |