CVE-2013-2574
published 2020-01-29CVE-2013-2574: An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a…
PriorityP262high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
29.59%
98.0th percentile
An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information.
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP server logs for unauthenticated GET requests targeting the paths /tmpfs/ and /log/ on FOSCAM FI8620 devices, which require no authentication and expose sensitive files. ↗
- ·The config_backup.bin file is only present if an operator/administrator has previously executed the backup process; exploitation of that specific path is conditional on this prior action. ↗
- ·Other Foscam devices sharing the same firmware as the FI8620 may also be affected but were not confirmed tested. ↗
- ·No official patch was provided by the vendor; no non-vulnerable firmware version is confirmed. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://www.coresecurity.com/advisories/foscam-ip-cameras-improper-access-restrictionshttp://www.exploit-db.com/exploits/27076http://www.securityfocus.com/bid/61415https://exchange.xforce.ibmcloud.com/vulnerabilities/85941https://packetstormsecurity.com/files/cve/CVE-2013-2574http://www.coresecurity.com/advisories/foscam-ip-cameras-improper-access-restrictionshttp://www.exploit-db.com/exploits/27076http://www.securityfocus.com/bid/61415https://exchange.xforce.ibmcloud.com/vulnerabilities/85941https://packetstormsecurity.com/files/cve/CVE-2013-2574
2020-01-29
Published