CVE-2018-19069
CRITICALOpticam i5 Application Firmware - Use of Hard-coded Credentials
Title source: llmDescription
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of toor.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt
Scores
CVSS v3
9.8
EPSS
0.0199
EPSS Percentile
78.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (4)
foscam/c2_application_firmware
2.72.1.32
foscam/c2_system_firmware
1.11.1.8
opticam/i5_application_firmware
2.21.1.128
opticam/i5_system_firmware
1.5.2.11
Published
Nov 07, 2018
Tracked Since
Feb 18, 2026