Vulnerabilities > CVE-2014-1849 - Credentials Management vulnerability in Foscam IP Camera Firmware 11.37.2.49
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Foscam IP Camera Predictable Credentials Security Bypass Vulnerability. CVE-2014-1849. Remote exploit for hardware platform |
| id | EDB-ID:39195 |
| last seen | 2016-02-04 |
| modified | 2014-05-08 |
| published | 2014-05-08 |
| reporter | Sergey Shekyan |
| source | https://www.exploit-db.com/download/39195/ |
| title | Foscam IP Camera Predictable Credentials Security Bypass Vulnerability |
References
- http://blog.shekyan.com/2014/05/cve-2014-1849-foscam-dynamic-dns-predictable-credentials-vulnerability.html
- http://blog.shekyan.com/2014/05/cve-2014-1849-foscam-dynamic-dns-predictable-credentials-vulnerability.html
- http://seclists.org/fulldisclosure/2014/May/35
- http://seclists.org/fulldisclosure/2014/May/35
- https://github.com/artemharutyunyan/getmecamtool/blob/master/src/dnsmod.c
- https://github.com/artemharutyunyan/getmecamtool/blob/master/src/dnsmod.c