CVE-2017-2872

Name of the Vulnerable Software and Affected Versions: Foscam C1 Indoor HD Camera version 2.52.2.43

Description: Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera. A HTTP request can allow a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges.

Recommendations: For Foscam C1 Indoor HD Camera version 2.52.2.43, consider disabling the firmware upgrade feature via HTTP requests until a patch is available. Restrict access to the recovery procedure to minimize the risk of exploitation. Avoid using crafted images for firmware upgrades until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.