CVE-2017-2871

CVSS 9.6 CRITICALEPSS 1.1%

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.6EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

17 Apr 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery using a custom image.

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products

Talos · Foscam

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://talosintelligence.com/vulnerability_reports/TALOS-2017-0378