CVE-2018-19070

Опубликовано: 07 нояб. 2018

Источник: nvd

CVSS3: 7.2

CVSS2: 9

EPSS Низкий

Описание

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action.

Ссылки

https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt
Exploit
Third Party Advisory
https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*

cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*

cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*

cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*

cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02641

Низкий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-q7ww-vpwp-p5p4