CVE-2017-8222

HIGH EXPLOITED IN THE WILD

Wificam Wireless IP Camera (p2p) Firm... - Insufficiently Protected Credentials

Title source: rule

Description

Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information.

Exploits (1)

exploitdb WORKING POC

cremotehardware

https://www.exploit-db.com/exploits/43142

View on exploitdb

References (2)

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2017/Mar/23

[Exploit, Third Party Advisory] https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#rsa-lulz

Scores

CVSS v3 7.5

EPSS 0.0727

EPSS Percentile 91.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitation Intel

VulnCheck KEV 2020-12-01

InTheWild.io 2017-03-08

Classification

CWE

CWE-522

Status draft

Affected Products (1)

wificam/wireless_ip_camera_\(p2p\)_firmware

Timeline

Published Apr 25, 2017

Tracked Since Feb 18, 2026