PT-2018-14777 · Opticam+1 · Opticam I5 Application Firmware+3

Published

2018-11-07

Updated

2019-10-03

CVE-2018-19064

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Foscam C2 versions 1.11.1.8 Foscam C2 Application Firmware versions 2.72.1.32 Opticam i5 versions 1.5.2.11 Opticam i5 Application Firmware versions 2.21.1.128

Description An issue was discovered where the ftpuser1 account has a blank password that cannot be changed.

Recommendations For Foscam C2 version 1.11.1.8, consider disabling the ftpuser1 account until a patch is available. For Foscam C2 Application Firmware version 2.72.1.32, restrict access to the ftpuser1 account to minimize the risk of exploitation. For Opticam i5 version 1.5.2.11, avoid using the ftpuser1 account in sensitive operations until the issue is resolved. For Opticam i5 Application Firmware version 2.21.1.128, limit the privileges of the ftpuser1 account as a temporary mitigation measure.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-521

Related Identifiers

CVE-2018-19064

Affected Products

Foscam C2

Foscam C2 Application Firmware

Opticam I5

Opticam I5 Application Firmware

PT-2018-14777 · Opticam+1 · Opticam I5 Application Firmware+3

CVE-2018-19064

Weakness Enumeration

Related Identifiers

Affected Products

References · 3