PT-2018-14791 · Foscam · Foscam Opticam I5

Published

2018-11-07

Updated

2019-10-03

CVE-2018-19078

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128

Description An issue was discovered where the response to an ONVIF media GetStreamUri request contains the administrator username and password.

Recommendations For Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128, consider changing the administrator password and restricting access to the ONVIF media GetStreamUri request until a patch is available.

Exploit

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2018-19078

Affected Products

Foscam Opticam I5

PT-2018-14791 · Foscam · Foscam Opticam I5

CVE-2018-19078

Weakness Enumeration

Related Identifiers

Affected Products

References · 3