Strix
26.1K

CVE-2018-6830

UnknownEPSS 2.63%

Last modified

CVE-2018-6830 is a vulnerability of currently unknown severity. Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the URI path component.. EPSS estimates a 2.63% chance of exploitation in the next 30 days.

Description

Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the URI path component.

Metrics

EPSS Probability
2.63%

83.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
FoscamC1 Lite Firmware<= 2.82.2.33
FoscamC1 Firmware<= 2.82.2.33
FoscamFi9800p Firmware<= 2.81.2.33
FoscamFi9821ep Firmware<= 2.81.2.33
FoscamFi9821p Firmware<= 2.81.2.33
FoscamFi9826p Firmware<= 2.81.2.33
FoscamFi9831p Firmware<= 2.81.2.33
FoscamC1 Firmware<= 2.52.2.47
FoscamC1 Lite Firmware<= 2.52.2.47
FoscamFi9800p Firmware<= 2.54.2.47
FoscamFi9803p Firmware<= 2.54.2.47
FoscamFi9851p Firmware<= 2.54.2.47
FoscamFi9815p Firmware<= 2.51.2.47
FoscamFi9816p Firmware<= 2.51.2.47
FoscamR2 Firmware<= 2.71.1.59
FoscamR4 Firmware<= 2.71.1.59
FoscamC2 Firmware<= 2.72.1.59
FoscamFi9961ep Firmware<= 2.72.1.59
FoscamFi9900ep Firmware<= 2.74.1.59
FoscamFi9900p Firmware<= 2.74.1.59
FoscamFi9901ep Firmware<= 2.74.1.59
FoscamFi9928p Firmware<= 2.74.1.58
FoscamFi9803ep Firmware<= 2.22.2.31
FoscamFi9853ep Firmware<= 2.22.2.31
FoscamFi9803p Firmware<= 2.24.2.31
FoscamFi9851p Firmware<= 2.24.2.31
FoscamFi9821p Firmware<= 2.21.2.31
FoscamFi9826p Firmware<= 2.21.2.31
FoscamFi9831p Firmware<= 2.21.2.31
FoscamFi9821ep Firmware<= 2.21.2.31
FoscamFi9821w Firmware<= 2.11.1.120
FoscamFi9831w Firmware<= 2.11.1.120
FoscamFi9826w Firmware<= 2.11.1.120
FoscamFi9821p Firmware<= 2.11.1.120
FoscamFi9831p Firmware<= 2.11.1.120
FoscamFi9826p Firmware<= 2.11.1.120
FoscamFi9818w Firmware<= 2.13.2.120
FoscamFi9805w Firmware<= 2.14.1.120
FoscamFi9804w Firmware<= 2.14.1.120
FoscamFi9804p Firmware<= 2.14.1.120
FoscamFi9805e Firmware<= 2.14.1.120
FoscamFi9805p Firmware<= 2.14.1.120
FoscamFi9828p Firmware<= 2.13.1.120
FoscamFi9828w Firmware<= 2.13.1.120
FoscamFi9828p Firmware<= 2.11.1.133

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-6830?
Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the URI path component.
How severe is CVE-2018-6830?
Severity scoring for CVE-2018-6830 is pending analysis. The EPSS model estimates a 2.63% probability of exploitation in the next 30 days.
How do I fix CVE-2018-6830?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-6830?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST