Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-2560. PoCs published by Frederic Basse.
AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Foscam devices, allowing attackers to retrieve arbitrary files (e.g., /proc/kcore) via crafted HTTP requests with '../' sequences. The PoC is a simple HTTP GET request, confirming the vulnerability's existence.
Description
Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.
Exploits (1)
This exploit demonstrates a directory traversal vulnerability in Foscam devices, allowing attackers to retrieve arbitrary files (e.g., /proc/kcore) via crafted HTTP requests with '../' sequences. The PoC is a simple HTTP GET request, confirming the vulnerability's existence.