CVE-2017-7648

Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

CVSS v3 8.1 HIGH
CVSS v2.0 4.3 MEDIUM

8.1^/10

CVSS v3 : HIGH

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/archive/1/540388/30/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/540388/30/0/threaded	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:foscam:c1::::::::
	cpe:2.3:h:foscam:c1_lite::::::::
	cpe:2.3:h:foscam:c2::::::::
	cpe:2.3:h:foscam:fi9800xe::::::::
	cpe:2.3:h:foscam:fi9826p::::::::
	cpe:2.3:h:foscam:fi9828p::::::::
	cpe:2.3:h:foscam:fi9851p::::::::
	cpe:2.3:h:foscam:fi9853ep::::::::
	cpe:2.3:h:foscam:fi9901ep::::::::
	cpe:2.3:h:foscam:fi9903p::::::::
	cpe:2.3:h:foscam:fi9928p::::::::
	cpe:2.3:h:foscam:r2::::::::

History

21 Nov 2024, 03:32

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/archive/1/540388/30/0/threaded - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/archive/1/540388/30/0/threaded - Third Party Advisory, VDB Entry

Information

Published : 2017-04-10 19:59

Updated : 2024-11-21 03:32

NVD link : CVE-2017-7648

Mitre link : CVE-2017-7648

CVE.ORG link : CVE-2017-7648

JSON object : View

Products Affected

foscam

fi9851p
fi9853ep
c2
fi9903p
fi9928p
r2
fi9828p
fi9826p
c1
fi9800xe
c1_lite
fi9901ep

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2017-7648", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2017-04-10T19:59:00.297", "references": [{"url": "http://www.securityfocus.com/archive/1/540388/30/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/540388/30/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."}, {"lang": "es", "value": "Los dispositivos en red de Foscam usan la misma clave privada SSL codificada en las diferentes instalaciones de los clientes, lo que permite a los atacantes remotos derrotar los mecanismos de protecci\u00f3n criptogr\u00e1fica aprovechando el conocimiento de esta clave desde otra instalaci\u00f3n."}], "lastModified": "2024-11-21T03:32:22.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:foscam:c1:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7389DE9-CA20-4C78-8995-283B62F1EFF5"}, {"criteria": "cpe:2.3:h:foscam:c1_lite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E397A2B-A359-47F7-8511-46C9A4AB6138"}, {"criteria": "cpe:2.3:h:foscam:c2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CD4E331-F8EC-4101-9CC2-024F45091F88"}, {"criteria": "cpe:2.3:h:foscam:fi9800xe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C61FCA92-292C-4727-8202-CC9C8CD81135"}, {"criteria": "cpe:2.3:h:foscam:fi9826p:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F594F134-C17D-4F36-8CA3-989BA1B593AF"}, {"criteria": "cpe:2.3:h:foscam:fi9828p:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43490AF6-018A-4ADA-854E-BF39DD88E4F4"}, {"criteria": "cpe:2.3:h:foscam:fi9851p:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39B496E3-56E0-4231-B4EB-5EB515637C37"}, {"criteria": "cpe:2.3:h:foscam:fi9853ep:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DABEEE8-9E5C-49A9-A2EC-D9E2968161B0"}, {"criteria": "cpe:2.3:h:foscam:fi9901ep:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC1DF418-B1A9-46B6-91DD-C2C440016573"}, {"criteria": "cpe:2.3:h:foscam:fi9903p:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FBE30F1-F107-46D8-8B60-AE8A515CD566"}, {"criteria": "cpe:2.3:h:foscam:fi9928p:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BF0BB89-28F3-404B-BFBC-5DBAF4043721"}, {"criteria": "cpe:2.3:h:foscam:r2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "329EDF7D-0031-430B-9B86-2092CAAAA0B5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}