BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

FOSCAM IP-Cameras Improper Access Restrictions

Disclosed July 23, 2013    Zeroday : 465 days

Vulnerability Description:

The FOSCAM FI8620 PTZ Camera does not prevent unauthenticated access to the /tmpfs/ and /log/ directories. Plain text information stored in these directories can include access credentials, Wi-Fi configuration, and more sensitive information. This can be used by attackers to authenticate against the device, allowing them to perform actions normally restricted to authorized personnel.

Vendors:

FOSCAM

Vulnerable Software/Devices:

FOSCAM FI8620 PTZ Camera

Vulnerability Severity:

Medium

Exploit Availability:

Publicly Available

Exploit Impact:

Elevation of Privilege
Exploitation of this vulnerability will grant an attacker access to sensitive information, such as plaintext usernames, passwords, etc. These can be used by the remote attacker to elevate their privileges to one of the revealed user accounts.

BeyondTrust Prevention and Detection:

 

Mitigation:

Prevent the camera from being publicly accessible. If public access is required, block access to the following resources:

  • /tmpfs/config_backup.bin
  • /tmpfs/config_restore.bin
  • /tmpfs/ddns.conf
  • /tmpfs/syslog.txt
  • /log/syslog.txt

Links:

CVE(s):