CVE-2017-2872
Last modified
CVE-2017-2872 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. EPSS estimates a 1.63% chance of exploitation in the next 30 days.
Description
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Foscam | C1 Firmware | 2.52.2.43 |
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379Exploit, Third Party Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-2872?
How severe is CVE-2017-2872?
How do I fix CVE-2017-2872?
Are you affected by CVE-2017-2872?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST