An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access.
References
Link | Resource |
---|---|
https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
No history.
Information
Published : 2018-11-07 18:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-19073
Mitre link : CVE-2018-19073
CVE.ORG link : CVE-2018-19073
JSON object : View
Products Affected
opticam
- i5
- i5_system_firmware
- i5_application_firmware
foscam
- c2_system_firmware
- c2_application_firmware
- c2
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')