Description
Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device.
References (2)
Core 2
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99193
Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0245
Scores
CVSS v3
9.8
EPSS
0.0265
EPSS Percentile
83.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (2)
foscam/c1_webcam_firmware
1.9.1.12
Foscan/Foscam C1 Webcam
Firmware Version 1.9.1.12
Published
Jun 21, 2017
Tracked Since
Feb 18, 2026