- Description
- An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP).
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-287
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42E72BBD-5418-4C2C-B8EB-997224A0CA01"
},
{
"criteria": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9E1C7BD-97E3-41F9-BC4D-9C7320C471EE"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "670C0300-3A68-4AC1-B659-7727FF92D8E6"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05CCF2DD-D69B-4518-B20A-376C98E2D02E"
},
{
"criteria": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28AD15E7-51C8-4B2D-BCEB-8EF2AA0B61A5"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "107D84D0-9D16-4930-A312-38B7586B4B4F"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]