CVE-2017-18377
CRITICAL EXPLOITED IN THE WILD
Wireless IP Camera (P2P) WIFICAM Firmware - Unauthenticated Remote Code Execution via set_ftp.cgi pwd Parameter
Title source: llm
Exploitation Summary
CVE-2017-18377 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a set_ftp.cgi?svr=192.168.1.1&port=21&user=ftp URI.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#pre-auth-root-rce
Scores
CVSS v3
9.8
EPSS
0.0637
EPSS Percentile
92.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2019-06-13
InTheWild.io
2020-07-23
CWE
CWE-77
Status
published
Products (1)
goahead/wireless_ip_camera_wificam_firmware
Published
Jun 11, 2019
Tracked Since
Feb 18, 2026