critical
9
CWE
78
Advisory Published
Updated

CVE-2018-6831: OS Command Injection

First published: Mon Jul 09 2018(Updated: )

The setSystemTime function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote authenticated users to execute arbitrary commands via a ';' in the ntpServer argument. NOTE: this issue exists because of an incomplete fix for CVE-2017-2849.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Foscam C1 Lite Firmware<=2.82.2.33
Foscam C1 Lite Firmware=3
Foscam C1 Webcam Firmware<=2.82.2.33
Foscam C1 Webcam=3
Foscam IP Camera Firmware<=2.81.2.33
Foscam Fi9800p Firmware=3
Foscam Fi9821EP Firmware<=2.81.2.33
Foscam Fi9821p Firmware=2
Foscam IP Camera Firmware<=2.81.2.33
Foscam Fi9821p Firmware=3
Foscam Fi9826p Firmware<=2.81.2.33
Foscam Fi9826p Firmware=3
Foscam Fi9831p Firmware<=2.81.2.33
Foscam Fi9831p Firmware=3
Foscam C1 Webcam Firmware<=2.52.2.47
Foscam C1 Webcam
Foscam C1 Webcam=2
Foscam C1 Lite Firmware<=2.52.2.47
Foscam C1 Lite Firmware
Foscam C1 Lite Firmware=2
Foscam IP Camera Firmware<=2.54.2.47
Foscam Fi9800p Firmware
Foscam Fi9800p Firmware=2
Foscam Fi9803p Firmware<=2.54.2.47
Foscam Fi9803p Firmware=2
Foscam Fi9803p Firmware=3
Foscam Fi9851p Firmware<=2.54.2.47
Foscam Fi9851P=2
Foscam Fi9815p Firmware<=2.51.2.47
Foscam Fi9815P
Foscam Fi9815P=2
Foscam Fi9816p Firmware<=2.51.2.47
Foscam Fi9816p Firmware
Foscam Fi9816p Firmware=2
Foscam R2<=2.71.1.59
Foscam R2 Firmware
Foscam R4 Firmware<=2.71.1.59
Foscam R4 Firmware
Foscam C2 System Firmware<=2.72.1.59
Foscam C2 System Firmware
Foscam IP Camera Firmware<=2.72.1.59
Foscam Fi9961ep
Foscam Fi9900ep Firmware<=2.74.1.59
Foscam Fi9900ep Firmware
Foscam Fi9900p Firmware<=2.74.1.59
Foscam Fi9900p Firmware
Foscam Fi9901ep<=2.74.1.59
Foscam Fi9901ep Firmware
Foscam Fi9928P<=2.74.1.58
Foscam Fi9928p Firmware
Foscam Fi9803ep Firmware<=2.22.2.31
Foscam Fi9803ep Firmware
Foscam Fi9853ep Firmware<=2.22.2.31
Foscam Fi9853ep Firmware
Foscam Fi9803p Firmware<=2.24.2.31
Foscam Fi9803p Firmware
Foscam Fi9851p Firmware<=2.24.2.31
Foscam Fi9851P
Foscam IP Camera Firmware<=2.21.2.31
Foscam Fi9821p Firmware=2
Foscam Fi9826p Firmware<=2.21.2.31
Foscam Fi9826p Firmware=2
Foscam Fi9831p Firmware<=2.21.2.31
Foscam Fi9831p Firmware=2
Foscam Fi9821EP Firmware<=2.21.2.31
Foscam Fi9821p Firmware
Foscam Fi9821w Firmware<=2.11.1.120
Foscam Fi9821w Firmware=2
Foscam Fi9831w Firmware<=2.11.1.120
Foscam Fi9831w Firmware
Foscam IP Camera Firmware<=2.11.1.120
Foscam Fi9826w Firmware
Foscam IP Camera Firmware<=2.11.1.120
Foscam Fi9821p Firmware
Foscam Fi9831p Firmware<=2.11.1.120
Foscam Fi9831p Firmware
Foscam Fi9826p Firmware<=2.11.1.120
Foscam Fi9826p Firmware
Foscam Fi9818W<=2.13.2.120
Foscam Fi9818W=2
Foscam Fi9805w<=2.14.1.120
Foscam Fi9805w Firmware
Foscam Fi9804W Firmware<=2.14.1.120
Foscam Fi9804W Firmware
Foscam IP Camera Firmware<=2.14.1.120
Foscam Fi9804p Firmware
Foscam Fi9805e Firmware<=2.14.1.120
Foscam Fi9805e Firmware
Foscam Fi9805p Firmware<=2.14.1.120
Foscam Fi9805p Firmware
Foscam Fi9828p Firmware<=2.13.1.120
Foscam Fi9828p Firmware
Foscam IP Camera Firmware<=2.13.1.120
Foscam Fi9828w Firmware
Foscam Fi9828p Firmware<=2.11.1.133
Foscam Fi9828p Firmware=2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2018-6831?

    CVE-2018-6831 has been classified with a medium severity rating as it allows remote code execution through insecure system time settings.

  • How do I fix CVE-2018-6831?

    To fix CVE-2018-6831, update the firmware of your Foscam camera to the latest version provided by the manufacturer.

  • Which Foscam camera models are affected by CVE-2018-6831?

    CVE-2018-6831 affects models including C1 Lite, FI9800P, FI9816P, FI9821P, and several others with specified firmware versions.

  • What does CVE-2018-6831 exploit?

    CVE-2018-6831 exploits a vulnerability in the setSystemTime function of specific Foscam camera firmware.

  • Is my Foscam camera vulnerable if it is running updated firmware after CVE-2018-6831 was reported?

    If your Foscam camera is running updated firmware beyond the affected versions mentioned in CVE-2018-6831, it is not vulnerable.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203