CVE-2018-19081

Name of the Vulnerable Software and Affected Versions Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128

Description An issue was discovered that allows remote attackers to execute arbitrary OS commands. This is achieved through the ONVIF devicemgmt SetDNS method, specifically by exploiting the IPv4Address field.

Recommendations For Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128, consider restricting access to the ONVIF devicemgmt SetDNS method until a patch is available. As a temporary workaround, avoid using the IPv4Address field in the SetDNS method to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.