CVE-2018-19078

CRITICAL

Foscam Opticam i5 - Insufficiently Protected Credentials via ONVIF GetStreamUri Response

Title source: llm

Description

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password.

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt

Scores

CVSS v3 9.8

EPSS 0.0159

EPSS Percentile 72.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-522

Status published

Products (4)

foscam/c2_application_firmware 2.72.1.32

foscam/c2_system_firmware 1.11.1.8

opticam/i5_application_firmware 2.21.1.128

opticam/i5_system_firmware 1.5.2.11

Published Nov 07, 2018

Tracked Since Feb 18, 2026