In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/99184 | Broken Link |
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0349 | VDB Entry Technical Description Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
07 Jun 2022, 17:29
Type | Values Removed | Values Added |
---|---|---|
References | (BID) http://www.securityfocus.com/bid/99184 - Broken Link |
Information
Published : 2017-06-29 17:29
Updated : 2024-02-04 19:29
NVD link : CVE-2017-2847
Mitre link : CVE-2017-2847
CVE.ORG link : CVE-2017-2847
JSON object : View
Products Affected
foscam
- c1_indoor_hd_camera_firmware
- c1_indoor_hd_camera
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')