HIGH · 8.1

CVE-2017-7648

Vulnerability Description

Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

CVSS Score

8.1

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Foscam | C1 | All versions
Foscam | C1 Lite | All versions
Foscam | C2 | All versions
Foscam | Fi9800Xe | All versions
Foscam | Fi9826P | All versions
Foscam | Fi9828P | All versions
Foscam | Fi9851P | All versions
Foscam | Fi9853Ep | All versions
Foscam | Fi9901Ep | All versions
Foscam | Fi9903P | All versions
Foscam | Fi9928P | All versions
Foscam | R2 | All versions

Related Weaknesses (CWE)

References

FAQ

What is CVE-2017-7648?

CVE-2017-7648 is a vulnerability with a CVSS score of 8.1 (HIGH). Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

How severe is CVE-2017-7648?

CVE-2017-7648 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2017-7648?

Check the references section above for vendor advisories and patch information. Affected products include: Foscam C1, Foscam C1 Lite, Foscam C2, Foscam Fi9800Xe, Foscam Fi9826P.