Executive Summary
This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information | | | |
---|---|---|---|
Name | CVE-2016-8731 | First vendor Publication | 2017-06-21 |
Vendor | Cve | Last vendor Modification | 2022-12-14 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 9.8 | ||
Base Score | 9.8 | Environmental Score | 9.8 |
Impact Sub Score | 5.9 | Temporal Score | 9.8 |
Exploitability Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8731 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-798 | Use of Hard-coded Credentials (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | | 1 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-12-06 | Foscam C1 backdoor account ftp login attempt RuleID : 40909 - Revision : 5 - Type : SERVER-OTHER |
2016-12-06 | Foscam C1 backdoor account ftp login attempt RuleID : 40908 - Revision : 7 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-07-14 | Name : The remote host is running an FTP server that is using a hard-coded password. File : ftp_foscam_c1_ip_camera_hard_coded_creds.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Source | Url |
---|---|
BID | http://www.securityfocus.com/bid/99193 |
MISC | https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0245 |
Alert History
Date | Information |
---|---|
2022-12-14 17:27:49 | |
2022-04-20 00:23:37 | |
2020-05-23 00:53:35 | |
2017-07-15 13:25:44 | |
2017-07-05 21:22:58 | |
2017-06-23 09:22:48 | |
2017-06-22 00:22:56 | |