CVE-2017-8223

HIGH EXPLOITED IN THE WILD

Wificam Wireless IP Camera (p2p) Firmware - Authentication Bypass

Title source: rule

Description

On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0.

Exploits (1)

exploitdb WORKING POC

cremotehardware

https://www.exploit-db.com/exploits/43142

View on exploitdb

References (2)

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2017/Mar/23

[Exploit, Third Party Advisory] https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#pre-auth-info-leak-goahead

Scores

CVSS v3 7.5

EPSS 0.1804

EPSS Percentile 95.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitation Intel

VulnCheck KEV 2020-12-01

InTheWild.io 2017-03-08

Classification

CWE

CWE-287

Status draft

Affected Products (1)

wificam/wireless_ip_camera_\(p2p\)_firmware

Timeline

Published Apr 25, 2017

Tracked Since Feb 18, 2026