Overview
- Description
- An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-78
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42E72BBD-5418-4C2C-B8EB-997224A0CA01"
},
{
"criteria": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9E1C7BD-97E3-41F9-BC4D-9C7320C471EE"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "670C0300-3A68-4AC1-B659-7727FF92D8E6"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05CCF2DD-D69B-4518-B20A-376C98E2D02E"
},
{
"criteria": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28AD15E7-51C8-4B2D-BCEB-8EF2AA0B61A5"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "107D84D0-9D16-4930-A312-38B7586B4B4F"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]