PT-2018-14795 · Foscam · Foscam Opticam I5

Harry Sintonen

Published

2018-11-07

Updated

2020-08-24

CVE-2018-19082

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128

Description A remote stack-based buffer overflow issue was discovered, allowing attackers to conduct attacks via the IPv4Address field in the ONVIF devicemgmt SetDNS method.

Recommendations For Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128, consider restricting access to the ONVIF devicemgmt SetDNS method until a patch is available. Avoid using the IPv4Address field in the affected method to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2018-19082

Affected Products

Foscam Opticam I5

PT-2018-14795 · Foscam · Foscam Opticam I5

CVE-2018-19082

Weakness Enumeration

Related Identifiers

Affected Products

References · 3