The FOSCAM FI8620 PTZ Camera does not prevent unauthenticated access to the /tmpfs/ and /log/ directories. Plaintext information stored in these directories can include access credentials, Wi-Fi configuration, and other sensitive information. Attackers can use this information to authenticate against the device, allowing them to perform actions normally restricted to authorized personnel.
FOSCAM FI8620 PTZ Camera
Elevation of Privilege
Exploitation of this vulnerability grants an attacker access to sensitive information, such as plaintext usernames, passwords, etc. A remote attacker can use these to elevate their privileges to those of one of the revealed user accounts.
BeyondTrust Prevention and Detection:
Prevent the camera from being publicly accessible. If public access is required, block access to the following resources:
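For the detection side, requests for the /tmpfs/ and /log/ directories named in the description can be flagged in an access log. The following is an added example, not part of the original advisory or any vendor tooling; it assumes the camera sits behind a reverse proxy that writes Combined Log Format, and the sample log lines, IP addresses and file names are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Directories the advisory says are readable without authentication.
SENSITIVE_PREFIXES = ("/tmpfs/", "/log/")

# Assumption: a reverse proxy in front of the camera logs in Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /web/index.html HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /tmpfs/example.txt HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /web/..%2F%4cog//example.log?x=1 HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:00:07 +0000] "GET /log/example.log HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.10 - operator1 [01/Jan/2024:10:00:09 +0000] "GET /login.cgi HTTP/1.1" 200 64 "-" "-"',
]

def normalize(target):
    """Decode and collapse a request target so encoded or padded variants match."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(2):  # also undo one level of double percent-encoding
        path = unquote(path)
    # Case-folding is conservative: it may over-match on a case-sensitive server.
    path = posixpath.normpath("/" + path.replace("\\", "/").lstrip("/")).lower()
    return path if path.endswith("/") else path + "/"

def find_exposure_hits(lines):
    """Return one dict per logged request for a sensitive directory."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize(m["target"])
        if path.startswith(SENSITIVE_PREFIXES):
            status = int(m["status"])
            # A 2xx reply with no authenticated user means content was served.
            hits.append({"ip": m["ip"], "path": path.rstrip("/"), "status": status,
                         "exposed": 200 <= status < 300 and m["user"] == "-"})
    return hits

if __name__ == "__main__":
    for hit in find_exposure_hits(SAMPLE_LOG):
        print(hit)
```

Any hit with `exposed` set to true indicates that a block on these directories is missing or being bypassed, and credentials stored on the device should be treated as disclosed.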