CVE-2017-8225

CRITICAL EXPLOITED IN THE WILD

Wificam Wireless IP Camera (p2p) Firm... - Insufficiently Protected Credentials

Title source: rule

Description

On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI.

Exploits (4)

exploitdb WORKING POC

by PierreKimSec · cremotehardware

https://www.exploit-db.com/exploits/43142

View Code ZIP pw:eip

nomisec WORKING POC 7 stars

by K3ysTr0K3R · infoleak

https://github.com/K3ysTr0K3R/CVE-2017-8225-EXPLOIT

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by kienquoc102 · infoleak

https://github.com/kienquoc102/CVE-2017-8225

View Code ZIP pw:eip

vulncheck_xdb WORKING POC

remote

https://github.com/threat9/routersploit

View Code ZIP pw:eip

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#pre-auth-info-leak-goahead

Exploit, Mailing List, Third Party Advisory x_refsource_misc

http://seclists.org/fulldisclosure/2017/Mar/23

Scores

CVSS v3 9.8

EPSS 0.6666

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2017-10-19

InTheWild.io 2017-10-25

CWE

CWE-522

Status published

Products (1)

wificam/wireless_ip_camera_\(p2p\)_firmware

Published Apr 25, 2017

Tracked Since Feb 18, 2026