Vulnerabilities > CVE-2014-1849 - Credentials Management vulnerability in Foscam IP Camera Firmware 11.37.2.49

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

foscam

CWE-255

critical

exploit available

NVD

Published: 2014-05-14

Updated: 2014-05-14

Summary

Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server.

Vulnerable Configurations

Part	Description	Count
OS	Foscam Foscam IP Camera Firmware 11.37.2.49	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	Foscam IP Camera Predictable Credentials Security Bypass Vulnerability. CVE-2014-1849. Remote exploit for hardware platform
id	EDB-ID:39195
last seen	2016-02-04
modified	2014-05-08
published	2014-05-08
reporter	Sergey Shekyan
source	https://www.exploit-db.com/download/39195/
title	Foscam IP Camera Predictable Credentials Security Bypass Vulnerability

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References