CVE-2018-19071

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
opticami5_application_firmware
2.21.1.128
opticami5_system_firmware
1.5.2.11
foscamc2_application_firmware
2.72.1.32
foscamc2_system_firmware
1.11.1.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt
https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt