CVE-2014-1849

Name of the Vulnerable Software and Affected Versions Foscam IP camera versions 11.37.2.49 and other versions

Description The issue allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server. This is possible because the Foscam IP camera generates credentials based on predictable camera subdomain names when using the Foscam DynDNS option.

Recommendations For version 11.37.2.49 and other affected versions, consider disabling the Foscam DynDNS option until a patch is available to prevent remote attackers from spoofing or hijacking cameras. Restrict access to the camera's DNS server records to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.