Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An HTTP request can allow a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges.
References
| Link | Resource |
|---|---|
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379 | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: talos
Published: 2017-11-13T00:00:00
Updated: 2022-04-19T18:23:54
Reserved: 2016-12-01T00:00:00
Link: CVE-2017-2872
NVD Information
Status: Analyzed
Published: 2018-09-17T20:29:00.790
Modified: 2022-06-07T17:26:10.003
Link: CVE-2017-2872
Redhat Information
No data.
CWE