CVE-2017-2833

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters resulting in command injection during the boot process. To trigger this vulnerability, an attacker needs to send an HTTP request and reboot the device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:foscam:c1_firmware:2.52.2.37:*:*:*:*:*:*:*
cpe:2.3:h:foscam:c1:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-04-24 19:29

Updated : 2024-02-28 16:25


NVD link : CVE-2017-2833

Mitre link : CVE-2017-2833

CVE.ORG link : CVE-2017-2833


JSON object : View

Products Affected

foscam

  • c1
  • c1_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')