First published: Mon Mar 13 2017
A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP request ("GET system.ini HTTP/1.1\n\n"; note the lack of "/" in the path field of the request) that discloses the configuration file containing the login password.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Embedthis GoAhead | | |
The severity of CVE-2017-5674 is rated as critical with a score of 9.8.
To fix CVE-2017-5674, update your Foscam or Vstarcam devices to the latest firmware that addresses this vulnerability.
CVE-2017-5674 affects multiple white-label IP camera models, including those from Foscam and Vstarcam that utilize the GoAhead web server.
CVE-2017-5674 enables attackers to craft a malformed HTTP request that may disclose sensitive configuration information.
Yes, CVE-2017-5674 is associated with the Embedthis GoAhead web server.
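The malformed request quoted in the description has a request-target with no leading "/", which matches none of the four request-target forms HTTP/1.1 allows (RFC 7230). The following check is an added example, not code from the advisory or from any vendor: it classifies raw request lines so that a reverse proxy or IDS rule placed in front of a camera can reject or alert on that shape. The sample lines and host names are constructed, and it assumes traffic to the device passes through a point you control.

```python
import re

# Request line: method SP request-target SP HTTP-version (RFC 7230, section 3.1.1)
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/(\d\.\d)$")
ABSOLUTE_FORM = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://\S+$")
AUTHORITY_FORM = re.compile(r"^[^/\s:]+:\d{1,5}$")


def classify_request_line(line):
    """Return (verdict, reason) for one raw HTTP request line."""
    m = REQUEST_LINE.match(line.rstrip("\r\n"))
    if not m:
        return "reject", "not a well-formed request line"
    method, target, _version = m.groups()
    if target.startswith("/"):
        return "allow", "origin-form"
    if ABSOLUTE_FORM.match(target):
        return "allow", "absolute-form"
    if method == "OPTIONS" and target == "*":
        return "allow", "asterisk-form"
    if method == "CONNECT" and AUTHORITY_FORM.match(target):
        return "allow", "authority-form"
    # Anything else, such as a bare file name, is not a valid request-target.
    return "reject", "request-target lacks leading '/'"


def flag_suspicious(lines):
    """Return the request lines a proxy or IDS rule should block or alert on."""
    return [ln for ln in lines if classify_request_line(ln)[0] == "reject"]


# Constructed sample request lines (not captured traffic).
SAMPLE = [
    "GET /index.htm HTTP/1.1",
    "GET system.ini HTTP/1.1",  # the malformed form quoted in the advisory
    "GET http://camera.example/live HTTP/1.1",
    "OPTIONS * HTTP/1.1",
    "CONNECT camera.example:443 HTTP/1.1",
    "POST status.cgi HTTP/1.0",  # same defect with a constructed file name
]

if __name__ == "__main__":
    for ln in SAMPLE:
        print(classify_request_line(ln), ln)
```

Matching on the missing "/" rather than on the file name catches the same malformed shape for any path.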