PT-2022-19204 · Foscam · Foscam R2C Ip Camera

Sam Quinn · Published 2022-04-21 · Updated 2022-05-04 · CVE-2022-28743

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Foscam R2C IP camera versions System FW <= 1.13.1.6, and Application FW <= 2.91.2.66

Description

A Time-of-check Time-of-use (TOCTOU) race condition allows an authenticated remote attacker with administrator permissions to execute arbitrary code remotely via a malicious firmware patch. This could grant the attacker full remote access to the IP camera and the underlying Linux system with root permissions, enabling them to change the code, add backdoor access, or invade the user's privacy by accessing the live camera stream.

Recommendations

For Foscam R2C IP camera versions System FW <= 1.13.1.6, and Application FW <= 2.91.2.66, update the firmware to a version higher than System FW 1.13.1.6 and Application FW 2.91.2.66 to resolve the issue. At the moment, there is no information about additional mitigation measures.

Fix

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

CVE-2022-28743

Affected Products

Foscam R2C Ip Camera