PT-2018-17765 · Foscam · Fi9821P+50

Published

2018-07-09

Updated

2019-10-03

CVE-2018-6831

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Foscam Cameras C1 Lite V3 versions 2.82.2.33 and earlier Foscam Cameras C1 V3 versions 2.82.2.33 and earlier Foscam Cameras FI9800P V3 versions 2.84.2.33 and earlier Foscam Cameras FI9803P V4 versions 2.84.2.33 and earlier Foscam Cameras FI9851P V3 versions 2.84.2.33 and earlier Foscam Cameras FI9853EP V2 versions 2.84.2.33 and earlier Foscam Cameras FI9816P V3 versions 2.81.2.33 and earlier Foscam Cameras FI9821EP V2 versions 2.81.2.33 and earlier Foscam Cameras FI9821P V3 versions 2.81.2.33 and earlier Foscam Cameras FI9826P V3 versions 2.81.2.33 and earlier Foscam Cameras FI9831P V3 versions 2.81.2.33 and earlier Foscam Cameras C1 versions 2.52.2.47 and earlier Foscam Cameras C1 V2 versions 2.52.2.47 and earlier Foscam Cameras C1 Lite versions 2.52.2.47 and earlier Foscam Cameras C1 Lite V2 versions 2.52.2.47 and earlier Foscam Cameras FI9800P versions 2.54.2.47 and earlier Foscam Cameras FI9800P V2 versions 2.54.2.47 and earlier Foscam Cameras FI9803P V2 versions 2.54.2.47 and earlier Foscam Cameras FI9803P V3 versions 2.54.2.47 and earlier Foscam Cameras FI9851P V2 versions 2.54.2.47 and earlier Foscam Cameras FI9815P versions 2.51.2.47 and earlier Foscam Cameras FI9815P V2 versions 2.51.2.47 and earlier Foscam Cameras FI9816P versions 2.51.2.47 and earlier Foscam Cameras FI9816P V2 versions 2.51.2.47 and earlier Foscam Cameras R2 versions 2.71.1.59 and earlier Foscam Cameras R4 versions 2.71.1.59 and earlier Foscam Cameras C2 versions 2.72.1.59 and earlier Foscam Cameras FI9961EP versions 2.72.1.59 and earlier Foscam Cameras FI9900EP versions 2.74.1.59 and earlier Foscam Cameras FI9900P versions 2.74.1.59 and earlier Foscam Cameras FI9901EP versions 2.74.1.59 and earlier Foscam Cameras FI9928P versions 2.74.1.58 and earlier Foscam Cameras FI9803EP versions 2.22.2.31 and earlier Foscam Cameras FI9853EP versions 2.22.2.31 and earlier Foscam Cameras FI9803P versions 2.24.2.31 and earlier Foscam Cameras FI9851P versions 2.24.2.31 and earlier Foscam Cameras FI9821P V2 versions 2.21.2.31 and earlier Foscam Cameras FI9826P V2 versions 2.21.2.31 and earlier Foscam Cameras FI9831P V2 versions 2.21.2.31 and earlier Foscam Cameras FI9821EP versions 2.21.2.31 and earlier Foscam Cameras FI9821W V2 versions 2.11.1.120 and earlier Foscam Cameras FI9831W versions 2.11.1.120 and earlier Foscam Cameras FI9826W versions 2.11.1.120 and earlier Foscam Cameras FI9821P versions 2.11.1.120 and earlier Foscam Cameras FI9831P versions 2.11.1.120 and earlier Foscam Cameras FI9826P versions 2.11.1.120 and earlier Foscam Cameras FI9818W V2 versions 2.13.2.120 and earlier Foscam Cameras FI9805W versions 2.14.1.120 and earlier Foscam Cameras FI9804W versions 2.14.1.120 and earlier Foscam Cameras FI9804P versions 2.14.1.120 and earlier Foscam Cameras FI9805E versions 2.14.1.120 and earlier Foscam Cameras FI9805P versions 2.14.1.120 and earlier Foscam Cameras FI9828P versions 2.13.1.120 and earlier Foscam Cameras FI9828W versions 2.13.1.120 and earlier Foscam Cameras FI9828P V2 versions 2.11.1.133 and earlier

Description The issue allows remote authenticated users to execute arbitrary commands via a ';' in the ntpServer argument. This is due to an incomplete fix for a previous issue.

Recommendations For Foscam Cameras C1 Lite V3 versions 2.82.2.33 and earlier, update to a version later than 2.82.2.33. For Foscam Cameras C1 V3 versions 2.82.2.33 and earlier, update to a version later than 2.82.2.33. For Foscam Cameras FI9800P V3 versions 2.84.2.33 and earlier, update to a version later than 2.84.2.33. For Foscam Cameras FI9803P V4 versions 2.84.2.33 and earlier, update to a version later than 2.84.2.33. For Foscam Cameras FI9851P V3 versions 2.84.2.33 and earlier, update to a version later than 2.84.2.33. For Foscam Cameras FI9853EP V2 versions 2.84.2.33 and earlier, update to a version later than 2.84.2.33. For Foscam Cameras FI9816P V3 versions 2.81.2.33 and earlier, update to a version later than 2.81.2.33. For Foscam Cameras FI9821EP V2 versions 2.81.2.33 and earlier, update to a version later than 2.81.2.33. For Foscam Cameras FI9821P V3 versions 2.81.2.33 and earlier, update to a version later than 2.81.2.33. For Foscam Cameras FI9826P V3 versions 2.81.2.33 and earlier, update to a version later than 2.81.2.33. For Foscam Cameras FI9831P V3 versions 2.81.2.33 and earlier, update to a version later than 2.81.2.33. For Foscam Cameras C1 versions 2.52.2.47 and earlier, update to a version later than 2.52.2.47. For Foscam Cameras C1 V2 versions 2.52.2.47 and earlier, update to a version later than 2.52.2.47. For Foscam Cameras C1 Lite versions 2.52.2.47 and earlier, update to a version later than 2.52.2.47. For Foscam Cameras C1 Lite V2 versions 2.52.2.47 and earlier, update to a version later than 2.52.2.47. For Foscam Cameras FI9800P versions 2.54.2.47 and earlier, update to a version later than 2.54.2.47. For Foscam Cameras FI9800P V2 versions 2.54.2.47 and earlier, update to a version later than 2.54.2.47. For Foscam Cameras FI9803P V2 versions 2.54.2.47 and earlier, update to a version later than 2.54.2.47. For Foscam Cameras FI9803P V3 versions 2.54.2.47 and earlier, update to a version later than 2.54.2.47. For Foscam Cameras FI9851P V2 versions 2.54.2.47 and earlier, update to a version later than 2.54.2.47. For Foscam Cameras FI9815P versions 2.51.2.47 and earlier, update to a version later than 2.51.2.47. For Foscam Cameras FI9815P V2 versions 2.51.2.47 and earlier, update to a version later than 2.51.2.47. For Foscam Cameras FI9816P versions 2.51.2.47 and earlier, update to a version later than 2.51.2.47. For Foscam Cameras FI9816P V2 versions 2.51.2.47 and earlier, update to a version later than 2.51.2.47. For Foscam Cameras R2 versions 2.71.1.59 and earlier, update to a version later than 2.71.1.59. For Foscam Cameras R4 versions 2.71.1.59 and earlier, update to a version later than 2.71.1.59. For Foscam Cameras C2 versions 2.72.1.59 and earlier, update to a version later than 2.72.1.59. For Foscam Cameras FI9961EP versions 2.72.1.59 and earlier, update to a version later than 2.72.1.59. For Foscam Cameras FI9900EP versions 2.74.1.59 and earlier, update to a version later than 2.74.1.59. For Foscam Cameras FI9900P versions 2.74.1.59 and earlier, update to a version later than 2.74.1.59. For Foscam Cameras FI9901EP versions 2.74.1.59 and earlier, update to a version later than 2.74.1.59. For Foscam Cameras FI9928P versions 2.74.1.58 and earlier, update to a version later than 2.74.1.58. For Foscam Cameras FI9803EP versions 2.22.2.31 and earlier, update to a version later than 2.22.2.31. For Foscam Cameras FI9853EP versions 2.22.2.31 and earlier, update to a version later than 2.22.2.31. For Foscam Cameras FI9803P versions 2.24.2.31 and earlier, update to a version later than 2.24.2.31. For Foscam Cameras FI9851P versions 2.24.2.31 and earlier, update to a version later than 2.24.2.31. For Foscam Cameras FI9821P V2 versions 2.21.2.31 and earlier, update to a version later than 2.21.2.31. For Foscam Cameras FI9826P V2 versions 2.21.2.31 and earlier, update to a version later than 2.21.2.31. For Foscam Cameras FI9831P V2 versions 2.21.2.31 and earlier, update to a version later than 2.21.2.31. For Foscam Cameras FI9821EP versions 2.21.2.31 and earlier, update to a version later than 2.21.2.31. For Foscam Cameras FI9821W V2 versions 2.11.1.120 and earlier, update to a version later than 2.11.1.120. For Foscam Cameras FI9831W versions 2.11.1.120 and earlier, update to a version later than 2.11.1.120. For Foscam Cameras FI9826W versions 2.11.1.120 and earlier, update to a version later than 2.11.1.120. For Foscam Cameras FI9821P versions 2.11.1.120 and earlier, update to a version later than 2.11.1.120. For Foscam Cameras FI9831P versions 2.11.1.120 and earlier, update to a version later than 2.11.1.120. For Foscam Cameras FI9826P versions 2.11.1.120 and earlier, update to a version later than 2.11.1.120. For Foscam Cameras FI9818W V2 versions 2.13.2.120 and earlier, update to a version later than 2.13.2.120. For Foscam Cameras FI9805W versions 2.14.1.120 and earlier, update to a version later than 2.14.1.120. For Foscam Cameras FI9804W versions 2.14.1.120 and earlier, update to a version later than 2.14.1.120. For Foscam Cameras FI9804P versions 2.14.1.120 and earlier, update to a version later than 2.14.1.120. For Foscam Cameras FI9805E versions 2.14.1.120 and earlier, update to a version later than 2.14.1.120. For Foscam Cameras FI9805P versions 2.14.1.120 and earlier, update to a version later than 2.14.1.120. For Foscam Cameras FI9828P versions 2.13.1.120 and earlier, update to a version later than 2.13.1.120. For Foscam Cameras FI9828W versions 2.13.1.120 and earlier, update to a version later than 2.13.1.120. For Foscam Cameras FI9828P V2 versions 2.11.1.133 and earlier, update to a version later than 2.11.1.133. As a temporary workaround, consider restricting access to the setSystemTime function until a patch is available. Avoid using the ntpServer argument in the affected API endpoint until the issue is resolved.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2018-6831

Affected Products

C1 Lite

C1 Lite V2

C1 Lite V3

C1 V2

C1 V3

Fi9800P

Fi9800P V2

Fi9800P V3

Fi9803P

Fi9803P V2

Fi9803P V3

Fi9803P V4

Fi9804P

Fi9804W

Fi9805E

Fi9805P

Fi9805W

Fi9815P

Fi9815P V2

Fi9816P

Fi9816P V2

Fi9816P V3

Fi9818W V2

Fi9821P

Fi9821P V2

Fi9821P V3

Fi9821W V2

Fi9826P

Fi9826P V2

Fi9826P V3

Fi9826W

Fi9828P

Fi9828P V2

Fi9828W

Fi9831P

Fi9831P V2

Fi9831P V3

Fi9831W

Fi9851P

Fi9851P V2

Fi9851P V3

Fi9853Ep

Fi9853Ep V2

Fi9900P

Fi9901Ep

Fi9928P

Fi9961Ep

PT-2018-17765 · Foscam · Fi9821P+50

CVE-2018-6831

Weakness Enumeration

Related Identifiers

Affected Products

References · 4