Vulnerability Details CVE-2018-19073
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.1%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
Products affected by CVE-2018-19073
-
cpe:2.3:h:foscam:c2:-
-
cpe:2.3:h:opticam:i5:-
-
cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32
-
cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8
-
cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128
-
cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11