Title: FOSCAM IP-Cameras Improper Access Restrictions

Vulnerability Information
CVE Name: CVE-2013-2574

Vulnerability Description
Due to improper access restriction, the FOSCAM FI8620 device allows a remote attacker to browse and access arbitrary files from the /tmpfs/ and /log/ directories without requiring authentication. This could allow a remote attacker to obtain valuable information such as access credentials, Wi-Fi configuration and other sensitive information in plain text. The list of affected files includes, but is not limited to, the following:

Other Foscam devices based on the same firmware are probably affected too, but they were not checked.

Vendor Information, Solutions and Workarounds
There was no official answer from Foscam after several attempts (see ); contact the vendor for further information. Possible mitigation actions are to not expose the camera to the Internet unless absolutely necessary, and to have at least one proxy filtering HTTP requests to the following resources:

Credits
This vulnerability was discovered by Flavio de Cristofaro and researched with the help of Andres Blanco from Core Security Technologies. The publication of this advisory was coordinated by Fernando Miranda from the Core Advisories Team.

Technical Description / Proof of Concept Code

8.1. Access Credentials Stored in Backup Files
When a configuration backup is requested by an operator/administrator, the backup is generated in the local folder tmpfs under the name config_backup.bin. The binary file is just a dump of the whole configuration packed as Gzip and can be retrieved by requesting the following URL:
The presence of this temporary file enables an unauthenticated attacker to download the configuration files, which contain usernames, plaintext passwords (including admin passwords), the Wi-Fi configuration including the plain PSK, and other sensitive data, as shown below:

username = "admin " password = "admin " authtype = "15 " authgroup = " "
username = "user " password = "user " authtype = "3 " authgroup = " "
username = "guest " password = "guest " authtype = "1 " authgroup = " "

8.2. Accessing Manufacturer DDNS Configuration
By requesting the following URL using your default web browser:
you will see something like this:

HostName=
HostIP=113.105.65.47
Port=8080
UserName=
Password=
Domain=

Report Timeline
Core notifies that the issues were reported 1 month ago and there was no reply since.
Core notifies that the advisory has not been published yet and re-sends technical details and proof of concept.
Foscam product team notifies that they have checked Core Security's website, but there is no Foscam info.
Core asks if the vulnerabilities are confirmed.
Publication date is set for Jul 3rd, 2013.
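The workaround above recommends placing a filtering proxy in front of the camera. The following added example (not part of the advisory) shows how a defender could review that proxy's access log for requests to the /tmpfs/ and /log/ directories the advisory names, separating requests that were served from those the proxy blocked. The log lines are constructed, and the regular expression assumes Apache/nginx common log format.

```python
import re
from collections import Counter

# Directories the advisory reports as browsable without authentication.
EXPOSED_DIRS = ("/tmpfs/", "/log/")

# Common Log Format as written by an Apache/nginx reverse proxy (assumption).
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def classify(line):
    """Return (client, path, status) if the request targets /tmpfs/ or /log/, else None."""
    m = CLF.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]   # drop any query string
    if not path.startswith(EXPOSED_DIRS):
        return None
    return m.group("client"), path, int(m.group("status"))

def scan(lines):
    """Split hits into 'served' (2xx: a file was actually exposed) and 'blocked' (anything else)."""
    served, blocked, clients = [], [], Counter()
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        client, path, status = hit
        clients[client] += 1
        (served if 200 <= status < 300 else blocked).append((client, path, status))
    return {"served": served, "blocked": blocked, "clients": clients}

# Constructed sample log lines (not from the advisory); 203.0.113.0/24 is documentation space.
SAMPLE_LOG = """\
203.0.113.5 - - [02/Jul/2013:10:01:02 +0000] "GET /index.htm HTTP/1.1" 200 5120
203.0.113.5 - - [02/Jul/2013:10:01:09 +0000] "GET /tmpfs/config_backup.bin HTTP/1.1" 200 8192
203.0.113.5 - - [02/Jul/2013:10:01:11 +0000] "GET /tmpfs/ HTTP/1.1" 200 1307
203.0.113.7 - - [02/Jul/2013:10:02:40 +0000] "GET /log/ HTTP/1.1" 403 162
203.0.113.9 - - [02/Jul/2013:10:03:00 +0000] "GET /tmpfs/?x=1 HTTP/1.1" 401 0
""".splitlines()

if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for client, path, status in result["served"]:
        print(f"EXPOSED {client} fetched {path} (HTTP {status})")
    for client, path, status in result["blocked"]:
        print(f"blocked {client} -> {path} (HTTP {status})")
```

A non-empty "served" list means the filter did not cover the path and the device answered the request itself.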