CVE-2017-8225

CRITICAL EXPLOITED IN THE WILD

Wificam Wireless IP Camera (p2p) Firm... - Insufficiently Protected Credentials

Title source: rule

Description

On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI.

Exploits (4)

nomisec WORKING POC 7 stars

by K3ysTr0K3R · infoleak

https://github.com/K3ysTr0K3R/CVE-2017-8225-EXPLOIT

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by kienquoc102 · infoleak

https://github.com/kienquoc102/CVE-2017-8225

View Code ZIP pw:eip

exploitdb WORKING POC

by PierreKimSec · cremotehardware

https://www.exploit-db.com/exploits/43142

View Code ZIP pw:eip

vulncheck_xdb WORKING POC

remote

https://github.com/threat9/routersploit

View Code ZIP pw:eip

References (2)

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2017/Mar/23

[Exploit, Third Party Advisory] https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#pre-auth-info-leak-goahead

Scores

CVSS v3 9.8

EPSS 0.7089

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2017-10-19

InTheWild.io 2017-10-25

Classification

CWE

CWE-522

Status draft

Affected Products (1)

wificam/wireless_ip_camera_\(p2p\)_firmware

Timeline

Published Apr 25, 2017

Tracked Since Feb 18, 2026