CVE-2018-19081

CRITICAL

Foscam Opticam i5 Firmware 1.5.2.11/2.21.1.128 - OS Command Injection via ONVIF SetDNS

Title source: llm
STIX 2.1

Description

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field.

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.0497
EPSS Percentile 91.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (4)
foscam/c2_application_firmware 2.72.1.32
foscam/c2_system_firmware 1.11.1.8
opticam/i5_application_firmware 2.21.1.128
opticam/i5_system_firmware 1.5.2.11
Published Nov 07, 2018
Tracked Since Feb 18, 2026