CVE-2017-7648

HIGH

Foscam C1 and related models - Use of Hard-coded SSL Private Key

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7648. PoCs published by notmot.

AI-analyzed exploit summary This repository contains only a README file with a brief description of CVE-2017-7648, providing no exploit code or technical details. It appears to be a placeholder or incomplete writeup.

Description

Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

Exploits (1)

nomisec WRITEUP

by notmot · poc

https://github.com/notmot/CVE-2017-7648.

View Code ZIP pw:eip

This repository contains only a README file with a brief description of CVE-2017-7648, providing no exploit code or technical details. It appears to be a placeholder or incomplete writeup.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry x_refsource_misc

http://www.securityfocus.com/archive/1/540388/30/0/threaded

Scores

CVSS v3 8.1

EPSS 0.0168

EPSS Percentile 74.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (12)

foscam/c1

foscam/c1_lite

foscam/c2

foscam/fi9800xe

foscam/fi9826p

foscam/fi9828p

foscam/fi9851p

foscam/fi9853ep

foscam/fi9901ep

foscam/fi9903p

... and 2 more

Published Apr 10, 2017

Tracked Since Feb 18, 2026