In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/99184 | Broken Link |
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0348 | Technical Description Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/99184 | Broken Link |
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0348 | Technical Description Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 03:24
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/99184 - Broken Link | |
References | () https://talosintelligence.com/vulnerability_reports/TALOS-2017-0348 - Technical Description, Third Party Advisory, VDB Entry |
Information
Published : 2017-06-29 17:29
Updated : 2024-11-21 03:24
NVD link : CVE-2017-2846
Mitre link : CVE-2017-2846
CVE.ORG link : CVE-2017-2846
JSON object : View
Products Affected
foscam
- c1_indoor_hd_camera
- c1_indoor_hd_camera_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')