CVE-2017-2844 HIGH

CVE-2017-2844

Vendor Foscam
Product Indoor IP Camera C1 Series
Published June 29, 2017
Last update September 16, 2024

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

Key dates

02Disclosure timeline

June 29, 2017 CVE published
September 16, 2024 Record updated