CVE-2018-19076 - Vulnerability Details - OpenCVE

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP).

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Foscam	C2 C2 Application Firmware C2 System Firmware
Opticam	I5 I5 Application Firmware I5 System Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:::::::*
	cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:::::::*

cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:::::::*
	cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:::::::*

cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-11-07T18:00:00

Updated: 2024-08-05T11:30:04.040Z

Reserved: 2018-11-07T00:00:00

Link: CVE-2018-19076

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-11-07T18:29:05.070

Modified: 2024-11-21T03:57:17.287

Link: CVE-2018-19076

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-11-07T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-07T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19076", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt", "refsource": "MISC", "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:30:04.040Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19076", "datePublished": "2018-11-07T18:00:00", "dateReserved": "2018-11-07T00:00:00", "dateUpdated": "2024-08-05T11:30:04.040Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*", "matchCriteriaId": "42E72BBD-5418-4C2C-B8EB-997224A0CA01", "vulnerable": true}, {"criteria": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "B9E1C7BD-97E3-41F9-BC4D-9C7320C471EE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*", "matchCriteriaId": "670C0300-3A68-4AC1-B659-7727FF92D8E6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*", "matchCriteriaId": "05CCF2DD-D69B-4518-B20A-376C98E2D02E", "vulnerable": true}, {"criteria": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "28AD15E7-51C8-4B2D-BCEB-8EF2AA0B61A5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*", "matchCriteriaId": "107D84D0-9D16-4930-A312-38B7586B4B4F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP)."}, {"lang": "es", "value": "Se ha descubierto un problema en dispositivos Foscam C2 con firmware del sistema 1.11.1.8 y firmware de aplicaci\u00f3n 2.72.1.32, as\u00ed como dispositivos Opticam i5 con firmware del sistema 1.5.2.11 y firmware de aplicaci\u00f3n 2.21.1.128. Los servicios FTP y RTSP facilitan que los atacantes lleven a cabo ataques de autenticaci\u00f3n por fuerza bruta, debido a que los l\u00edmites de fallo de autenticaci\u00f3n solo aplican a HTTP (no a FTP o RTSP)."}], "id": "CVE-2018-19076", "lastModified": "2024-11-21T03:57:17.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-07T18:29:05.070", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}