CVE-2017-2849

Name of the Vulnerable Software and Affected Versions Foscam C1 Indoor HD cameras version 2.52.2.37

Description A command injection issue exists in the web management interface of the affected device. This occurs when a specially crafted HTTP request is sent, allowing an attacker to inject arbitrary shell characters during NTP server configuration. An attacker can trigger this issue by sending a crafted HTTP request to the device.

Recommendations For Foscam C1 Indoor HD cameras version 2.52.2.37, consider restricting access to the web management interface until a fix is available. As a temporary workaround, avoid using the NTP server configuration feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.