Description
Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Frederic Basse · textremotehardware
https://www.exploit-db.com/exploits/38356
References (1)
Core 1
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-03/0080.html
Scores
EPSS
0.0902
EPSS Percentile
92.7%
Details
CWE
CWE-22
Status
published
Products (1)
foscam/fi8919w
< firmware_11.37.2.47
Published
Mar 15, 2013
Tracked Since
Feb 18, 2026