critical
9.1
CWE
367 362
Advisory Published
Updated

CVE-2022-28743: Race Condition

First published: Thu Apr 21 2022(Updated: )

Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Foscam R2C IP camera running System FW <= 1.13.1.6, and Application FW <= 2.91.2.66, allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions. With root access to the camera's Linux OS, an attacker could effectively change the code that is running, add backdoor access, or invade the privacy of the user by accessing the live camera stream.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Foscam R2c Application Firmware<=2.91.2.66
Foscam R2c System Firmware<=1.13.1.6
Foscam R2C

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2022-28743?

    CVE-2022-28743 is a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Foscam R2C IP camera running System FW <= 1.13.1.6 and Application FW <= 2.91.2.66.

  • What is the impact of CVE-2022-28743?

    The impact of CVE-2022-28743 is that an authenticated remote attacker with administrator permissions can execute arbitrary remote code via a malicious firmware patch.

  • How severe is CVE-2022-28743?

    CVE-2022-28743 has a severity score of 6.6 (critical).

  • Which software versions are affected by CVE-2022-28743?

    CVE-2022-28743 affects Foscam R2C IP camera with System FW <= 1.13.1.6 and Application FW <= 2.91.2.66.

  • Is Foscam R2C vulnerable to CVE-2022-28743?

    No, Foscam R2C is not vulnerable to CVE-2022-28743.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203