CVE-2017-5675

Name of the Vulnerable Software and Affected Versions Foscam, Vstarcam, and multiple white-label IP camera models (affected versions not specified)

Description A command-injection issue exists in the web application on custom-built GoAhead web servers used by the affected IP camera models. Specifically, the mail-sending form on the mail.htm page is vulnerable, allowing an attacker to inject a command into the receiver1 field, which will be executed with root privileges.

Recommendations For Foscam, Vstarcam, and multiple white-label IP camera models, consider disabling the mail-sending form on the mail.htm page until a fix is available to prevent potential command injection attacks. Restrict access to the mail.htm page to minimize the risk of exploitation. Avoid using the receiver1 field in the mail-sending form until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.