Vulnerability Description
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opticam | I5 Application Firmware | 2.21.1.128 |
| Opticam | I5 System Firmware | 1.5.2.11 |
| Opticam | I5 | - |
| Foscam | C2 Application Firmware | 2.72.1.32 |
| Foscam | C2 System Firmware | 1.11.1.8 |
| Foscam | C2 | - |
Related Weaknesses (CWE)
References
- https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txtExploitThird Party Advisory
- https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txtExploitThird Party Advisory
FAQ
What is CVE-2018-19071?
CVE-2018-19071 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128....
How severe is CVE-2018-19071?
CVE-2018-19071 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-19071?
Check the references section above for vendor advisories and patch information. Affected products include: Opticam I5 Application Firmware, Opticam I5 System Firmware, Opticam I5, Foscam C2 Application Firmware, Foscam C2 System Firmware.