CVE-2017-2872
HIGHFoscam C1 Indoor HD Camera 2.52.2.43 - Unauthenticated Firmware Upgrade and Command Execution via Crafted Image
Title source: llmDescription
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379
Scores
CVSS v3
7.2
EPSS
0.0163
EPSS Percentile
73.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
foscam/c1_firmware
2.52.2.43
Published
Sep 17, 2018
Tracked Since
Feb 18, 2026