OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: [CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability

From: Frédéric BASSE (basse.fredericgmail.com)
Date: Wed Mar 13 2013 - 10:01:47 CDT


CVE Assigned: CVE-2013-2560.

2013/3/2 Frédéric BASSE <basse.fredericgmail.com>:
> [CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability
> _______________________________________________________________________
> Summary:
> Foscam firmware <= 11.37.2.48 is prone to a path traversal
> vulnerability in the embedded web interface.
>
> The unauthenticated attacker can access to the entire filesystem and
> steal web & wifi credentials.
> _______________________________________________________________________
> Details:
>
> GET //../proc/kcore HTTP/1.0
>
>
> ____________________________________________________________________
> CVSS Version 2 Metrics:
> Access Vector: Network exploitable
> Access Complexity: Low
> Authentication: Not required to exploit
> Confidentiality Impact: Complete
> Availability Impact: Complete
> _______________________________________________________________________
> Disclosure Timeline:
> 2013-01-18 Vendor fixed the issue in fw 11.37.2.49; no security notice
> 2013-02-21 Vulnerability found
> 2013-03-01 Public advisory
> _______________________________________________________________________
> Solution:
> A new firmware is available on vendor's site:
> http://www.foscam.com/down3.aspx
> _______________________________________________________________________
> References:
> http://code.google.com/p/bflt-utils/
> http://wiki.openipcam.com/
> _______________________________________________________________________
> Arnaud Calmejane - Frederic Basse