PT-2018-14785 · Foscam+1 · Foscam C2+1
Harry Sintonen
·
Publicado
2018-11-07
·
Atualizado
2019-10-03
·
CVE-2018-19072
CVSS v3.1
5.5
Média
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Foscam C2 versions System Firmware 1.11.1.8 and Application Firmware 2.72.1.32
Opticam i5 versions System Firmware 1.5.2.11 and Application Firmware 2.21.1.128
Description
An issue allows local users to replace an archive file within the
/mnt/mtd/app directory, which has 0777 permissions, to control what is extracted to RAM at boot time.Recommendations
For Foscam C2 with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, consider changing the permissions of the
/mnt/mtd/app directory to prevent local users from replacing archive files.
For Opticam i5 with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128, consider changing the permissions of the /mnt/mtd/app directory to prevent local users from replacing archive files.Exploit
Correção
Incorrect Permission
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Foscam C2
Opticam I5