CVE-2017-2833
CVE-2017-2833
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 4.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
24 Apr 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters resulting in command injection during the boot process. To trigger this vulnerability, an attacker needs to send an HTTP request and reboot the device.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Foscam · Indoor IP Camera