CVE-2017-2871

Exploit

EPSS 0.18%
Veröffentlicht 17.04.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 03:24:21
Quelle talos-cna@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery using a custom image.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Foscam ≫ C1 Firmware Version2.52.2.43

Foscam ≫ C1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.401

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.8	6.5	6.4	AV:A/AC:L/Au:N/C:P/I:P/A:P
talos-cna@cisco.com	9.6	2.8	6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://talosintelligence.com/vulnerability_reports/TALOS-2017-0378

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2017-2871

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2871

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2871

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-2871