CVE-2018-19070

{"id": "CVE-2018-19070", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2018-11-07T18:29:02.773", "references": [{"url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action."}, {"lang": "es", "value": "Se ha descubierto un problema en dispositivos Foscam C2 con firmware del sistema 1.11.1.8 y firmware de aplicaci\u00f3n 2.72.1.32, as\u00ed como dispositivos Opticam i5 con firmware del sistema 1.5.2.11 y firmware de aplicaci\u00f3n 2.21.1.128. Permiten que atacantes remotos ejecuten comandos arbitrarios del sistema operativo mediante metacaracteres shell en el par\u00e1metro usrName de una acci\u00f3n addAccount en CGIProxy.fcgi."}], "lastModified": "2018-12-11T14:57:16.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opticam:i5_application_firmware:2.21.1.128:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42E72BBD-5418-4C2C-B8EB-997224A0CA01"}, {"criteria": "cpe:2.3:o:opticam:i5_system_firmware:1.5.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9E1C7BD-97E3-41F9-BC4D-9C7320C471EE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:opticam:i5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "670C0300-3A68-4AC1-B659-7727FF92D8E6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:foscam:c2_application_firmware:2.72.1.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05CCF2DD-D69B-4518-B20A-376C98E2D02E"}, {"criteria": "cpe:2.3:o:foscam:c2_system_firmware:1.11.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28AD15E7-51C8-4B2D-BCEB-8EF2AA0B61A5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "107D84D0-9D16-4930-A312-38B7586B4B4F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}