CVE-2018-19071

Name of the Vulnerable Software and Affected Versions Foscam C2 versions 1.11.1.8 Foscam C2 Application Firmware versions 2.72.1.32 Opticam i5 versions 1.5.2.11 Opticam i5 Application Firmware versions 2.21.1.128

Description An issue was discovered that allows local users to control the commands executed at system start-up due to the /mnt/mtd/boot.sh file having 0777 permissions.

Recommendations For Foscam C2 version 1.11.1.8, change the permissions of the /mnt/mtd/boot.sh file to prevent local users from modifying it. For Foscam C2 Application Firmware version 2.72.1.32, update the firmware to a version that sets proper permissions for the /mnt/mtd/boot.sh file. For Opticam i5 version 1.5.2.11, change the permissions of the /mnt/mtd/boot.sh file to prevent local users from modifying it. For Opticam i5 Application Firmware version 2.21.1.128, update the firmware to a version that sets proper permissions for the /mnt/mtd/boot.sh file.