- Description
- An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
- nvd@nist.gov
- CWE-78
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42E72BBD-5418-4C2C-B8EB-997224A0CA01"
},
{
"criteria": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9E1C7BD-97E3-41F9-BC4D-9C7320C471EE"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "670C0300-3A68-4AC1-B659-7727FF92D8E6"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05CCF2DD-D69B-4518-B20A-376C98E2D02E"
},
{
"criteria": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28AD15E7-51C8-4B2D-BCEB-8EF2AA0B61A5"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "107D84D0-9D16-4930-A312-38B7586B4B4F"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]