CVE-2014-1849

Foscam IP camera <11.37.2.49 - RCE

Title source: llm

Description

Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sergey Shekyan · cremotehardware

https://www.exploit-db.com/exploits/39195

View Code ZIP pw:eip

References (3)

[Various Sources] http://blog.shekyan.com/2014/05/cve-2014-1849-foscam-dynamic-dns-predictable-credentials-vulnerability.html

[Mailing List] http://seclists.org/fulldisclosure/2014/May/35

[Exploit] https://github.com/artemharutyunyan/getmecamtool/blob/master/src/dnsmod.c

Scores

EPSS 0.2113

EPSS Percentile 95.7%

Details

CWE

CWE-255

Status published

Products (1)

foscam/ip_camera_firmware 11.37.2.49

Published May 14, 2014

Tracked Since Feb 18, 2026