CVE-2018-19070

HIGH

Opticam i5 Application Firmware 2.21.1.128 - OS Command Injection via CGIProxy.fcgi usrName Parameter


Description

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action.

Scores

CVSS v3: 7.2
EPSS: 0.0444
EPSS Percentile: 90.2%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-78
Status: published
Products (4):
foscam/c2_application_firmware 2.72.1.32
foscam/c2_system_firmware 1.11.1.8
opticam/i5_application_firmware 2.21.1.128
opticam/i5_system_firmware 1.5.2.11
Published: Nov 07, 2018
Tracked Since: Feb 18, 2026