CVE-2018-19073

Published Nov 7, 2018

Last updated 4 days ago

Overview

Description
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access.
Source
cve@mitre.org
NVD status
Modified

Risk scores

CVSS 3.0

Type
Primary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 2.0

Type
Primary
Base score
9
Impact score
10
Exploitability score
8
Vector string
AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov
CWE-78

Social media

Hype score
Not currently trending

Configurations