CVE-2017-2833

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters resulting in command injection during the boot process. To trigger this vulnerability, an attacker needs to send an HTTP request and reboot the device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:foscam:c1_firmware:2.52.2.37:*:*:*:*:*:*:*
cpe:2.3:h:foscam:c1:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:24

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/99184 - Broken Link () http://www.securityfocus.com/bid/99184 - Broken Link
References () https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0334 - Exploit, Third Party Advisory () https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0334 - Exploit, Third Party Advisory

Information

Published : 2018-04-24 19:29

Updated : 2024-11-21 03:24


NVD link : CVE-2017-2833

Mitre link : CVE-2017-2833

CVE.ORG link : CVE-2017-2833


JSON object : View

Products Affected

foscam

  • c1_firmware
  • c1
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')