PT-2018-14789 · Foscam+1 · Foscam C2+1
Harry Sintonen
·
Publicado
2018-11-07
·
Atualizado
2018-12-11
·
CVE-2018-19076
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Foscam C2 versions 1.11.1.8
Opticam i5 versions 1.5.2.11
Description
An issue was discovered that makes it easier for attackers to conduct brute-force authentication attacks. The FTP and RTSP services do not have failed-authentication limits, unlike HTTP, which makes them more susceptible to such attacks.
Recommendations
For Foscam C2 version 1.11.1.8, consider restricting access to the FTP and RTSP services until a patch is available.
For Opticam i5 version 1.5.2.11, consider restricting access to the FTP and RTSP services until a patch is available.
As a temporary workaround, consider implementing additional authentication measures, such as IP blocking or rate limiting, to minimize the risk of exploitation.
Exploit
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Foscam C2
Opticam I5