Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1849

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2014-1849
Last Modified 14 May 2014 02:43:10
Published 13 May 2014 08:55:08
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-1849

Summary

Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server.

Vulnerable Systems

Operating System

  • Foscam Ip Camera Firmware 11.37.2.49


References

MISC - https://github.com/artemharutyunyan/getmecamtool/blob/master/src/dnsmod.c

FULLDISC - 20140508 CVE-2014-1849 Foscam Dynamic DNS predictable credentials vulnerability

MISC - http://blog.shekyan.com/2014/05/cve-2014-1849-foscam-dynamic-dns-predictable-credentials-vulnerability.html


Last Updated: 27 May 2016 11:05:15