Strix
26.1K

CVE-2017-2841

HIGHCVSS 8.8/10

Last modified

CVE-2017-2841 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution.

Description

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Enumeration

Affected Software

VendorProductVersions
FoscamC1 Indoor Hd Camera Firmware2.52.2.37

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-2841?
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
How severe is CVE-2017-2841?
CVE-2017-2841 has a CVSS score of 8.8/10 (HIGH severity).
How do I fix CVE-2017-2841?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-2841?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST