CVE-2018-6830 - Vulnerability Details

Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the URI path component.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00923.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:foscam:c1_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:c1_lite:3:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:foscam:c1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:c1:3:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:foscam:fi9800p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9800p:3:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:foscam:fi9821ep_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9821ep:2:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:foscam:fi9821p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9821p:3:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:foscam:fi9826p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9826p:3:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:foscam:fi9831p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9831p:3:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:foscam:c1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:c1:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:foscam:c1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:c1:2:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:foscam:c1_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:c1_lite:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:foscam:c1_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:c1_lite:2:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:foscam:fi9800p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9800p:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:foscam:fi9800p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9800p:2:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:foscam:fi9803p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9803p:2:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:foscam:fi9803p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9803p:3:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:foscam:fi9851p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9851p:2:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:foscam:fi9815p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9815p:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:foscam:fi9815p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9815p:2:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:foscam:fi9816p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9816p:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:foscam:fi9816p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9816p:2:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:foscam:r2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:r2:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:foscam:r4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:r4:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:foscam:c2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:c2:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:foscam:fi9961ep_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9961ep:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:foscam:fi9900ep_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9900ep:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:foscam:fi9900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9900p:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:foscam:fi9901ep_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9901ep:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:foscam:fi9928p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9928p:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:foscam:fi9803ep_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9803ep:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:foscam:fi9853ep_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9853ep:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:foscam:fi9803p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9803p:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:foscam:fi9851p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9851p:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:foscam:fi9821p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9821p:2:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:foscam:fi9826p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9826p:2:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:foscam:fi9831p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9831p:2:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:foscam:fi9821ep_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9821ep:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:foscam:fi9821w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9821w:2:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:foscam:fi9831w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9831w:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:foscam:fi9826w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9826w:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:foscam:fi9821p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9821p:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:foscam:fi9831p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9831p:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:foscam:fi9826p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9826p:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:foscam:fi9818w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9818w:2:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:foscam:fi9805w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9805w:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:foscam:fi9804w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9804w:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:foscam:fi9804p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9804p:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:foscam:fi9805e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9805e:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:foscam:fi9805p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9805p:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:foscam:fi9828p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9828p:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:foscam:fi9828w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9828w:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:foscam:fi9828p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foscam:fi9828p:2:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Foscam Subscribe	C1 Subscribe C1 Firmware Subscribe C1 Lite Subscribe C1 Lite Firmware Subscribe C2 Subscribe C2 Firmware Subscribe Fi9800p Subscribe Fi9800p Firmware Subscribe Fi9803ep Subscribe Fi9803ep Firmware Subscribe Fi9803p Subscribe Fi9803p Firmware Subscribe Fi9804p Subscribe Fi9804p Firmware Subscribe Fi9804w Subscribe Fi9804w Firmware Subscribe Fi9805e Subscribe Fi9805e Firmware Subscribe Fi9805p Subscribe Fi9805p Firmware Subscribe Fi9805w Subscribe Fi9805w Firmware Subscribe Fi9815p Subscribe Fi9815p Firmware Subscribe Fi9816p Subscribe Fi9816p Firmware Subscribe Fi9818w Subscribe Fi9818w Firmware Subscribe Fi9821ep Subscribe Fi9821ep Firmware Subscribe Fi9821p Subscribe Fi9821p Firmware Subscribe Fi9821w Subscribe Fi9821w Firmware Subscribe Fi9826p Subscribe Fi9826p Firmware Subscribe Fi9826w Subscribe Fi9826w Firmware Subscribe Fi9828p Subscribe Fi9828p Firmware Subscribe Fi9828w Subscribe Fi9828w Firmware Subscribe Fi9831p Subscribe Fi9831p Firmware Subscribe Fi9831w Subscribe Fi9831w Firmware Subscribe Fi9851p Subscribe Fi9851p Firmware Subscribe Fi9853ep Subscribe Fi9853ep Firmware Subscribe Fi9900ep Subscribe Fi9900ep Firmware Subscribe Fi9900p Subscribe Fi9900p Firmware Subscribe Fi9901ep Subscribe Fi9901ep Firmware Subscribe Fi9928p Subscribe Fi9928p Firmware Subscribe Fi9961ep Subscribe Fi9961ep Firmware Subscribe R2 Subscribe R2 Firmware Subscribe R4 Subscribe R4 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2018-18577	Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the URI path component.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/
https://www.foscam.com/company/securing-your-foscam-camera-important-notice.html

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-07-09T17:00:00

Updated: 2024-08-05T06:17:15.812Z

Reserved: 2018-02-07T00:00:00

Link: CVE-2018-6830

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-07-09T17:29:00.213

Modified: 2024-11-21T04:11:15.567

Link: CVE-2018-6830

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-22

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object