CVE-2017-2805
published 2017-06-21CVE-2017-2805: An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted…
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
26.25%
97.7th percentile
An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted http request can cause a stack-based buffer overflow resulting in overwriting arbitrary data on the stack frame. An attacker can simply send an http request to the device to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foscam | c1_hd_indoor_camera_firmware | <= 1.9.3.17 | — |
| foscam | indoor_ip_camera_c1_series | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple Foscam C1 Vulnerabilities Come in to Focus
blogs_talos·2017-06-19·CVSS 9.8
[CRITICAL] Vulnerability Spotlight: Multiple Foscam C1 Vulnerabilities Come in to Focus
## Vulnerability Spotlight: Multiple Foscam C1 Vulnerabilities Come in to Focus
## Executive Summary The Foscam C1 is a webcam that is marketed for use in a variety of applications including home security monitoring. As an indoor webcam, it is designed to be set up inside of a building and features the ability to be accessed remotely via a web interface or from within a mobile application. Talos recently identified several vulnerabilities in the Foscam C1 camera that could be used by attackers for a variety of purposes including access and retrieval of sensitive information stored on the camera, execution of arbitrary commands within the camera's operating system, and in several cases, completely compromise the device. As these cameras are commonly deployed in sensitive locations and used
Talos
Vulnerability Spotlight: Multiple Foscam C1 Vulnerabilities Come in to Focus
blogs_talos·2017-06-19·CVSS 9.8
[CRITICAL] Vulnerability Spotlight: Multiple Foscam C1 Vulnerabilities Come in to Focus
## Executive Summary The Foscam C1 is a webcam that is marketed for use in a variety of applications including home security monitoring. As an indoor webcam, it is designed to be set up inside of a building and features the ability to be accessed remotely via a web interface or from within a mobile application. Talos recently identified several vulnerabilities in the Foscam C1 camera that could be used by attackers for a variety of purposes including access and retrieval of sensitive information stored on the camera, execution of arbitrary commands within the camera's operating system, and in several cases, completely compromise the device. As these cameras are commonly deployed in sensitive locations and used as baby monitors, security cameras, etc. it is recommended that affected devices
2017-06-21
Published