CVE-2017-2855: Buffer Overflow
First published: Wed Sep 19 2018(Updated: )
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foscam C1 Firmware | =2.52.2.43 | |
| Foscam C1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this buffer overflow vulnerability?
The vulnerability ID for this buffer overflow vulnerability is CVE-2017-2855.
What is the affected software for this vulnerability?
The affected software for this vulnerability is Foscam C1 Firmware version 2.52.2.43.
What is the severity rating for this vulnerability?
The severity rating for this vulnerability is critical with a rating of 8.1.
How can an attacker exploit this vulnerability?
An attacker who is able to intercept HTTP connections can exploit this vulnerability by creating a rogue HTTP response, leading to full compromise of the device.
Is there a fix available for this vulnerability?
Yes, the vendor has released a fix for this vulnerability. It is recommended to update to Foscam C1 Firmware version that is not affected.
- collector/nvd-index
- vendor/foscam
- canonical/foscam c1 firmware
- version/foscam c1 firmware/2.52.2.43
- canonical/foscam c1