PT-2018-14785 · Foscam+1 · Foscam C2+1
Harry Sintonen
·
Published
2018-11-07
·
Updated
2019-10-03
·
CVE-2018-19072
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Foscam C2 versions System Firmware 1.11.1.8 and Application Firmware 2.72.1.32
Opticam i5 versions System Firmware 1.5.2.11 and Application Firmware 2.21.1.128
Description
An issue allows local users to replace an archive file within the
/mnt/mtd/app directory, which has 0777 permissions, to control what is extracted to RAM at boot time.Recommendations
For Foscam C2 with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, consider changing the permissions of the
/mnt/mtd/app directory to prevent local users from replacing archive files.
For Opticam i5 with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128, consider changing the permissions of the /mnt/mtd/app directory to prevent local users from replacing archive files.Exploit
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Foscam C2
Opticam I5