ID

VAR-201703-0743


CVE

CVE-2017-5674


TITLE

Foscam Such as white label IP Custom built used by camera models GoAhead Web Vulnerability in server configuration file disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-002241

DESCRIPTION

A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) request that will disclose the configuration file with the login password. Foscam is an intelligent network camera that can monitor mobile, voice and temperature, and can push messages to mobile phones. It also has functions such as mobile phone viewing and one-click sharing. Both Foscam and Vstarcam IP camera are network camera products. Goahead webserver is one of the cross-platform embedded webserver. Foscam, Vstarcam and white label IP camera are all IP camera products. Goahead webserver is one of the cross-platform embedded WebServer. There is a security vulnerability in the GoAhead web server used in the Foscam and Vstarcam IP cameras. An attacker can exploit this vulnerability to leak configuration files by sending malicious HTTP requests

Trust: 2.34

sources: NVD: CVE-2017-5674 // JVNDB: JVNDB-2017-002241 // CNVD: CNVD-2017-03632 // VULHUB: VHN-113877 // VULMON: CVE-2017-5674

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-03632

AFFECTED PRODUCTS

vendor:embedthismodel:goaheadscope:eqversion: -

Trust: 1.6

vendor:embedthismodel:goaheadscope: - version: -

Trust: 0.8

vendor:foscammodel:foscamscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-03632 // JVNDB: JVNDB-2017-002241 // CNNVD: CNNVD-201703-533 // NVD: CVE-2017-5674

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5674
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-5674
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-03632
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201703-533
value: MEDIUM

Trust: 0.6

VULHUB: VHN-113877
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-5674
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-5674
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-03632
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-113877
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5674
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-03632 // VULHUB: VHN-113877 // VULMON: CVE-2017-5674 // JVNDB: JVNDB-2017-002241 // CNNVD: CNNVD-201703-533 // NVD: CVE-2017-5674

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-113877 // JVNDB: JVNDB-2017-002241 // NVD: CVE-2017-5674

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-533

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201703-533

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002241

PATCH

title:Top Pageurl:https://embedthis.com/goahead/

Trust: 0.8

title: - url:https://github.com/mitchwolfe1/CCTV-GoAhead-Exploit

Trust: 0.1

sources: VULMON: CVE-2017-5674 // JVNDB: JVNDB-2017-002241

EXTERNAL IDS

db:NVDid:CVE-2017-5674

Trust: 3.2

db:JVNDBid:JVNDB-2017-002241

Trust: 0.8

db:CNNVDid:CNNVD-201703-533

Trust: 0.7

db:CNVDid:CNVD-2017-03632

Trust: 0.6

db:VULHUBid:VHN-113877

Trust: 0.1

db:VULMONid:CVE-2017-5674

Trust: 0.1

sources: CNVD: CNVD-2017-03632 // VULHUB: VHN-113877 // VULMON: CVE-2017-5674 // JVNDB: JVNDB-2017-002241 // CNNVD: CNNVD-201703-533 // NVD: CVE-2017-5674

REFERENCES

url:https://www.cybereason.com/cve-ip-cameras/

Trust: 3.2

url:https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2017-5674

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5674

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://github.com/mitchwolfe1/cctv-goahead-exploit

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2017-03632 // VULHUB: VHN-113877 // VULMON: CVE-2017-5674 // JVNDB: JVNDB-2017-002241 // CNNVD: CNNVD-201703-533 // NVD: CVE-2017-5674

SOURCES

db:CNVDid:CNVD-2017-03632
db:VULHUBid:VHN-113877
db:VULMONid:CVE-2017-5674
db:JVNDBid:JVNDB-2017-002241
db:CNNVDid:CNNVD-201703-533
db:NVDid:CVE-2017-5674

LAST UPDATE DATE

2024-08-14T14:27:17.939000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-03632date:2017-03-29T00:00:00
db:VULHUBid:VHN-113877date:2017-03-15T00:00:00
db:VULMONid:CVE-2017-5674date:2017-03-15T00:00:00
db:JVNDBid:JVNDB-2017-002241date:2017-04-06T00:00:00
db:CNNVDid:CNNVD-201703-533date:2017-03-14T00:00:00
db:NVDid:CVE-2017-5674date:2017-03-15T18:43:07.360

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-03632date:2017-03-29T00:00:00
db:VULHUBid:VHN-113877date:2017-03-13T00:00:00
db:VULMONid:CVE-2017-5674date:2017-03-13T00:00:00
db:JVNDBid:JVNDB-2017-002241date:2017-04-06T00:00:00
db:CNNVDid:CNNVD-201703-533date:2017-03-14T00:00:00
db:NVDid:CVE-2017-5674date:2017-03-13T06:59:00.370