CVE-2017-2850

Name of the Vulnerable Software and Affected Versions Foscam C1 Indoor HD cameras version 2.52.2.37

Description A specially crafted HTTP request can allow a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this issue.

Recommendations For Foscam C1 Indoor HD cameras version 2.52.2.37, consider restricting access to the web management interface until a fix is available. As a temporary workaround, avoid using the username change feature in the web management interface to prevent potential exploitation.