CVE-2013-2560

Foscam <11.37.2.49 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-2560. PoCs published by Frederic Basse.

AI-analyzed exploit summary: This exploit demonstrates a directory traversal vulnerability in Foscam devices, allowing attackers to retrieve arbitrary files (e.g., /proc/kcore) via crafted HTTP requests with '../' sequences. The PoC is a simple HTTP GET request, confirming the vulnerability's existence.

Description

Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Frederic Basse · text · remote · hardware
https://www.exploit-db.com/exploits/38356

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Foscam IP cameras (firmware versions prior to fix for CVE-2013-2560)
No auth needed
Prerequisites: Network access to the vulnerable Foscam device
mistral-large-3 · analyzed Feb 16, 2026

References (1)

Core References (1)
Third Party Advisory · mailing-list · x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-03/0080.html

Scores

EPSS 0.0928
EPSS Percentile 94.8%

Details

CWE: CWE-22
Status: published
Products (1)
foscam/fi8919w < firmware_11.37.2.47
Published: Mar 15, 2013
Tracked Since: Feb 18, 2026