CVE-2018-19078

CRITICAL

Opticam I5 Application Firmware - Insufficiently Protected Credentials

Title source: rule

Description

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password.

References (1)

[Exploit, Third Party Advisory] https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt

Scores

CVSS v3 9.8

EPSS 0.0047

EPSS Percentile 64.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (4)

opticam/i5_application_firmware

opticam/i5_system_firmware

foscam/c2_application_firmware

foscam/c2_system_firmware

Timeline

Published Nov 07, 2018

Tracked Since Feb 18, 2026