PT-2018-14783 · Foscam+1 · Foscam C2+1

Published

2018-11-07

Updated

2018-12-11

CVE-2018-19070

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Foscam C2 versions 1.11.1.8 Opticam i5 versions 1.5.2.11

Description An issue allows remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a "CGIProxy.fcgi addAccount action".

Recommendations For Foscam C2 version 1.11.1.8, avoid using the usrName parameter in the affected CGIProxy.fcgi addAccount action until the issue is resolved. For Opticam i5 version 1.5.2.11, restrict access to the CGIProxy.fcgi addAccount action to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2018-19070

Affected Products

Foscam C2

Opticam I5

PT-2018-14783 · Foscam+1 · Foscam C2+1

CVE-2018-19070

Weakness Enumeration

Related Identifiers

Affected Products

References · 3