← Volver a CVEs
CVE-2017-2844
HIGH8.8
Descripcion
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Detalles CVE
Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado6/29/2017
Ultima modificacion4/20/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
foscam:c1_indoor_hd_camerafoscam:c1_indoor_hd_camera_firmware
Debilidades (CWE)
CWE-78
Referencias
http://www.securityfocus.com/bid/99184(talos-cna@cisco.com)
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0346(talos-cna@cisco.com)
http://www.securityfocus.com/bid/99184(af854a3a-2127-422b-91ae-364da2661108)
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0346(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.