CVE Assigned: CVE-2013-2560.

2013/3/2 Frédéric BASSE <basse.frederic@xxxxxxxxx>:
> [CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability
> _______________________________________________________________________
> Summary:
> Foscam firmware <= 11.37.2.48 is prone to a path traversal
> vulnerability in the embedded web interface.
>
> The unauthenticated attacker can access the entire filesystem and
> steal web & wifi credentials.
> _______________________________________________________________________
> Details:
>
> GET //../proc/kcore HTTP/1.0
>
>
> ____________________________________________________________________
> CVSS Version 2 Metrics:
> Access Vector: Network exploitable
> Access Complexity: Low
> Authentication: Not required to exploit
> Confidentiality Impact: Complete
> Availability Impact: Complete
> _______________________________________________________________________
> Disclosure Timeline:
> 2013-01-18 Vendor fixed the issue in fw 11.37.2.49; no security notice
> 2013-02-21 Vulnerability found
> 2013-03-01 Public advisory
> _______________________________________________________________________
> Solution:
> A new firmware is available on vendor's site:
> http://www.foscam.com/down3.aspx
> _______________________________________________________________________
> References:
> http://code.google.com/p/bflt-utils/
> http://wiki.openipcam.com/
> _______________________________________________________________________
> Arnaud Calmejane - Frederic Basse
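
Added example, not part of the original advisory and not Foscam's code: a lexical check an embedded web server could run on the request path before mapping it onto its document root, which refuses the `//../proc/kcore` request quoted above. It assumes the path has already been percent-decoded; the function name normalize_request_path is hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Lexically normalise a request path into out (capacity outsz).
 * Returns 0 on success, -1 if the path is malformed, too long, or
 * would climb above the document root. Hypothetical helper; the
 * caller must percent-decode first. No filesystem access is made. */
int normalize_request_path(const char *req, char *out, size_t outsz)
{
    size_t len = 0;                 /* bytes written to out so far */
    const char *p = req;

    if (req == NULL || out == NULL || outsz < 2 || req[0] != '/')
        return -1;
    while (*p != '\0') {
        const char *seg;
        size_t n;

        while (*p == '/')           /* collapse runs of '/', e.g. a leading "//" */
            p++;
        seg = p;
        while (*p != '\0' && *p != '/')
            p++;
        n = (size_t)(p - seg);
        if (n == 0 || (n == 1 && seg[0] == '.'))
            continue;               /* empty or "." segment adds nothing */
        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            if (len == 0)
                return -1;          /* ".." at the root: refuse the request */
            while (len > 0 && out[--len] != '/')
                ;                   /* drop the previous segment */
            continue;
        }
        if (memchr(seg, '\\', n) != NULL || len + 1 + n >= outsz)
            return -1;              /* backslash or output overflow */
        out[len++] = '/';
        memcpy(out + len, seg, n);
        len += n;
    }
    if (len == 0)
        out[len++] = '/';
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];
    /* Request path from the advisory: prints -1 (refused). */
    printf("%d\n", normalize_request_path("//../proc/kcore", buf, sizeof buf));
    return 0;
}
```
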