ID

VAR-201703-0744


CVE

CVE-2017-5675


TITLE

Command injection vulnerability in the custom-built GoAhead web server used in Foscam and other white-label IP camera models

Trust: 0.8

sources: JVNDB: JVNDB-2017-002234

DESCRIPTION

A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges. Foscam is a webcam that can push messages to mobile phones and store video directly in Baidu cloud storage via Wi-Fi. Both Foscam and Vstarcam IP cameras are network camera products. GoAhead webserver is a cross-platform embedded web server.

Trust: 2.25

sources: NVD: CVE-2017-5675 // JVNDB: JVNDB-2017-002234 // CNVD: CNVD-2017-03633 // VULHUB: VHN-113878

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-03633

AFFECTED PRODUCTS

vendor: embedthis // model: goahead // scope: eq // version: -

Trust: 1.6

vendor: embedthis // model: goahead // scope: - // version: -

Trust: 0.8

vendor: foscam // model: foscam // scope: - // version: -

Trust: 0.6

sources: CNVD: CNVD-2017-03633 // JVNDB: JVNDB-2017-002234 // CNNVD: CNNVD-201703-532 // NVD: CVE-2017-5675

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5675
value: HIGH

Trust: 1.0

NVD: CVE-2017-5675
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-03633
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201703-532
value: CRITICAL

Trust: 0.6

VULHUB: VHN-113878
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-5675
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-03633
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-113878
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5675
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-03633 // VULHUB: VHN-113878 // JVNDB: JVNDB-2017-002234 // CNNVD: CNNVD-201703-532 // NVD: CVE-2017-5675

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-113878 // JVNDB: JVNDB-2017-002234 // NVD: CVE-2017-5675

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-532

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201703-532

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002234

PATCH

title: Top Page // url: https://embedthis.com/goahead/

Trust: 0.8

sources: JVNDB: JVNDB-2017-002234

EXTERNAL IDS

db: NVD // id: CVE-2017-5675

Trust: 3.1

db: JVNDB // id: JVNDB-2017-002234

Trust: 0.8

db: CNNVD // id: CNNVD-201703-532

Trust: 0.7

db: CNVD // id: CNVD-2017-03633

Trust: 0.6

db: VULHUB // id: VHN-113878

Trust: 0.1

sources: CNVD: CNVD-2017-03633 // VULHUB: VHN-113878 // JVNDB: JVNDB-2017-002234 // CNNVD: CNNVD-201703-532 // NVD: CVE-2017-5675

REFERENCES

url:https://www.cybereason.com/cve-ip-cameras/

Trust: 3.1

url:https://www.cybereason.com/zero-day-exploits-turn-hundreds-of-thousands-of-ip-cameras-into-iot-botnet-slaves/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2017-5675

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5675

Trust: 0.8

sources: CNVD: CNVD-2017-03633 // VULHUB: VHN-113878 // JVNDB: JVNDB-2017-002234 // CNNVD: CNNVD-201703-532 // NVD: CVE-2017-5675

SOURCES

db: CNVD // id: CNVD-2017-03633
db: VULHUB // id: VHN-113878
db: JVNDB // id: JVNDB-2017-002234
db: CNNVD // id: CNNVD-201703-532
db: NVD // id: CVE-2017-5675

LAST UPDATE DATE

2024-08-14T14:13:33.622000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2017-03633 // date: 2017-03-29T00:00:00
db: VULHUB // id: VHN-113878 // date: 2017-03-15T00:00:00
db: JVNDB // id: JVNDB-2017-002234 // date: 2017-04-05T00:00:00
db: CNNVD // id: CNNVD-201703-532 // date: 2017-03-14T00:00:00
db: NVD // id: CVE-2017-5675 // date: 2017-03-15T17:11:08.363

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2017-03633 // date: 2017-03-29T00:00:00
db: VULHUB // id: VHN-113878 // date: 2017-03-13T00:00:00
db: JVNDB // id: JVNDB-2017-002234 // date: 2017-04-05T00:00:00
db: CNNVD // id: CNNVD-201703-532 // date: 2017-03-14T00:00:00
db: NVD // id: CVE-2017-5675 // date: 2017-03-13T06:59:00.417