CVE-2018-19075

Name of the Vulnerable Software and Affected Versions Foscam C2 versions 1.11.1.8 Foscam C2 Application Firmware versions 2.72.1.32 Opticam i5 versions 1.5.2.11 Opticam i5 Application Firmware versions 2.21.1.128

Description An issue in the firewall feature of the affected devices makes it easier for remote attackers to ascertain credentials and firewall rules. This is because the device returns different error codes for invalid credentials (error -2) and rule-based blocking (error -8), potentially allowing attackers to deduce the presence of specific rules or credentials.

Recommendations For Foscam C2 version 1.11.1.8, consider disabling the firewall feature until a patch is available. For Foscam C2 Application Firmware version 2.72.1.32, restrict access to the device to minimize the risk of exploitation. For Opticam i5 version 1.5.2.11, avoid using the firewall feature in its current state to prevent potential credential exposure. For Opticam i5 Application Firmware version 2.21.1.128, limit remote access to reduce the risk of attackers exploiting the issue.