CVE-2017-2871
Last modified
CVE-2017-2871 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery using a custom image.. EPSS estimates a 1.11% chance of exploitation in the next 30 days.
Description
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery using a custom image.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Foscam | C1 Firmware | 2.52.2.43 |
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2017-0378Exploit, Third Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2017-0378Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-2871?
How severe is CVE-2017-2871?
How do I fix CVE-2017-2871?
Are you affected by CVE-2017-2871?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST