CVE-2018-19072

Published Nov 7, 2018

Last updated 4 days ago

CVSS medium 5.5

Overview

Description: An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/app has 0777 permissions, allowing local users to replace an archive file (within that directory) to control what is extracted to RAM at boot time.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.6
Impact score: 4.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-732

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42E72BBD-5418-4C2C-B8EB-997224A0CA01"
          },
          {
            "criteria": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9E1C7BD-97E3-41F9-BC4D-9C7320C471EE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "670C0300-3A68-4AC1-B659-7727FF92D8E6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05CCF2DD-D69B-4518-B20A-376C98E2D02E"
          },
          {
            "criteria": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28AD15E7-51C8-4B2D-BCEB-8EF2AA0B61A5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "107D84D0-9D16-4930-A312-38B7586B4B4F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References