PT-2018-14790 · Foscam · Foscam Opticam I5

Published

2018-11-07

Updated

2018-12-13

CVE-2018-19077

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128

Description A denial of service issue was discovered, allowing remote attackers to cause the daemon to hang or restart via a negative integer in the Content-Length header of the RTSP protocol.

Recommendations For Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128, consider restricting access to the RtspServer until a patch is available. As a temporary workaround, avoid using negative integers in the Content-Length header to minimize the risk of exploitation.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2018-19077

Affected Products

Foscam Opticam I5

PT-2018-14790 · Foscam · Foscam Opticam I5

CVE-2018-19077

Weakness Enumeration

Related Identifiers

Affected Products

References · 3