Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 29/06/2017 Updated: 07/06/2022

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
foscam c1_indoor_hd_camera_firmware 2.52.2.37

CWE-78 https://talosintelligence.com/vulnerability_reports/TALOS-2017-0352 http://www.securityfocus.com/bid/99184 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-2850

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect