CVE-2018-19075

Опубликовано: 07 нояб. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall feature makes it easier for remote attackers to ascertain credentials and firewall rules because invalid credentials lead to error -2, whereas rule-based blocking leads to error -8.

Ссылки

https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt
Exploit
Third Party Advisory
https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*

cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*

cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*

cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*

cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00568

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-5q3h-r84g-987w