Vulnerability Details CVE-2017-2872
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.9%
CVSS Severity
CVSS v3 Score 9.9
CVSS v2 Score 9.0
References
Products affected by CVE-2017-2872
-
cpe:2.3:h:foscam:c1:-
-
cpe:2.3:o:foscam:c1_firmware:2.52.2.43