CVE-2017-2872

Exploit

EPSS 0.29%
Veröffentlicht 17.09.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 03:24:21
Quelle talos-cna@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Foscam ≫ C1 Firmware Version2.52.2.43

Foscam ≫ C1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.518

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C
talos-cna@cisco.com	9.9	3.1	6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2017-2872

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2872

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2872

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-2872