CVE-2017-2872
First published: Mon Sep 17 2018(Updated: )
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foscam C1 Webcam Firmware | =2.52.2.43 | |
| Foscam C1 Webcam |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-2872?
CVE-2017-2872 has been assigned a medium severity rating due to the potential for unauthorized firmware upgrades.
How do I fix CVE-2017-2872?
To fix CVE-2017-2872, upgrade the Foscam C1 Indoor HD Camera firmware to a version higher than 2.52.2.43.
What type of devices are affected by CVE-2017-2872?
CVE-2017-2872 affects the Foscam C1 Indoor HD Camera running firmware version 2.52.2.43.
What can be exploited in CVE-2017-2872?
CVE-2017-2872 can be exploited to perform unauthorized firmware upgrades via a crafted HTTP request.
Is there a workaround for CVE-2017-2872?
Currently, there is no documented workaround for CVE-2017-2872; upgrading the firmware is the recommended approach.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/foscam
- canonical/foscam c1 webcam firmware
- version/foscam c1 webcam firmware/2.52.2.43
- canonical/foscam c1 webcam