CVE-2017-8221

HIGH · EXPLOITED IN THE WILD

Wireless IP Camera (P2P) WIFICAM - Missing Encryption of Sensitive Data via Cleartext UDP Tunnel

Title source: llm

Exploitation Summary

CVE-2017-8221 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit.

AI-analyzed exploit summary: This exploit targets a command injection vulnerability in the GoAhead web server used in various IP cameras. It bypasses authentication to extract credentials and then executes arbitrary commands via crafted HTTP requests to the FTP configuration CGI endpoints, resulting in a reverse shell.

Description

Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing the network.

Exploits (1)

exploitdb WORKING POC
c · remote · hardware
https://www.exploit-db.com/exploits/43142

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GoAhead web server (used in IP cameras)
No auth needed
Prerequisites: Network access to the target device · GoAhead web server with vulnerable CGI endpoints
devstral-2 · analyzed Feb 19, 2026

References (2)

Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2017/Mar/23

Scores

CVSS v3 7.5
EPSS 0.1907
EPSS Percentile 95.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2020-12-01
InTheWild.io 2017-03-08
CWE: CWE-311
Status published
Products (1)
wificam/wireless_ip_camera_\(p2p\)_firmware
Published Apr 25, 2017
Tracked Since Feb 18, 2026