CVE-2018-19064

Name of the Vulnerable Software and Affected Versions Foscam C2 versions 1.11.1.8 Foscam C2 Application Firmware versions 2.72.1.32 Opticam i5 versions 1.5.2.11 Opticam i5 Application Firmware versions 2.21.1.128

Description An issue was discovered where the ftpuser1 account has a blank password that cannot be changed.

Recommendations For Foscam C2 version 1.11.1.8, consider disabling the ftpuser1 account until a patch is available. For Foscam C2 Application Firmware version 2.72.1.32, restrict access to the ftpuser1 account to minimize the risk of exploitation. For Opticam i5 version 1.5.2.11, avoid using the ftpuser1 account in sensitive operations until the issue is resolved. For Opticam i5 Application Firmware version 2.21.1.128, limit the privileges of the ftpuser1 account as a temporary mitigation measure.