彙總 Foscam 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 緩衝區溢位、路徑處理缺陷、記憶體損壞與跨站腳本,在 軟體部署與生產負載 使用場景中可能帶來 應用程式崩潰、記憶體損壞與檔案覆寫 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2022-28743 | Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Foscam R2C IP camera running System FW <= 1.13.1.6, and Application FW <= 2.91.2.66, allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions. With root access to the camera's Linux OS, an atta | [email protected] | 9.1 | 1.06% | 2022-04-21 | 2026-06-17 |
| CVE-2021-43517 | FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530. | [email protected] | 9.8 | 1.69% | 2022-04-08 | 2026-06-17 |
| CVE-2013-2574 | An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information. | [email protected] | 7.5 | 29.59% | 2020-01-29 | 2026-06-16 |
| CVE-2018-19082 | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to conduct stack-based buffer overflow attacks via the IPv4Address field. | [email protected] | 9.8 | 2.32% | 2018-11-07 | 2026-06-16 |
| CVE-2018-19081 | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field. | [email protected] | 9.8 | 4.97% | 2018-11-07 | 2026-06-16 |
| CVE-2018-19080 | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS. | [email protected] | 6.1 | 0.89% | 2018-11-07 | 2026-06-16 |
| CVE-2018-19079 | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot. | [email protected] | 7.5 | 1.52% | 2018-11-07 | 2026-06-16 |
| CVE-2018-19078 | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password. | [email protected] | 9.8 | 1.59% | 2018-11-07 | 2026-06-16 |
| CVE-2018-19077 | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. RtspServer allows remote attackers to cause a denial of service (daemon hang or restart) via a negative integer in the RTSP Content-Length header. | [email protected] | 7.5 | 2.19% | 2018-11-07 | 2026-06-16 |
| CVE-2018-19076 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP). | [email protected] | 9.8 | 1.85% | 2018-11-07 | 2026-06-16 |
| CVE-2018-19075 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall feature makes it easier for remote attackers to ascertain credentials and firewall rules because invalid credentials lead to error -2, whereas rule-based blocking leads to error -8. | [email protected] | 5.3 | 1.69% | 2018-11-07 | 2026-06-16 |
| CVE-2018-19074 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall has no effect except for blocking port 443 and partially blocking port 88. | [email protected] | 7.5 | 1.29% | 2018-11-07 | 2026-06-16 |
| CVE-2018-19073 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access. | [email protected] | 7.2 | 1.95% | 2018-11-07 | 2026-06-16 |
| CVE-2018-19072 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/app has 0777 permissions, allowing local users to replace an archive file (within that directory) to control what is extracted to RAM at boot time. | [email protected] | 5.5 | 0.35% | 2018-11-07 | 2026-06-16 |
| CVE-2018-19071 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up. | [email protected] | 7.8 | 0.39% | 2018-11-07 | 2026-06-16 |
| CVE-2018-19070 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action. | [email protected] | 7.2 | 4.44% | 2018-11-07 | 2026-06-16 |
| CVE-2018-19069 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of toor. | [email protected] | 9.8 | 1.99% | 2018-11-07 | 2026-06-16 |
| CVE-2018-19068 | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials. | [email protected] | 4.9 | 1.01% | 2018-11-07 | 2026-06-16 |
| CVE-2018-19067 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded Ak47@99 password for the factory~ account. | [email protected] | 9.8 | 2.04% | 2018-11-07 | 2026-06-16 |
| CVE-2018-19066 | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded Pxift* password in some cases. | [email protected] | 7.5 | 1.58% | 2018-11-07 | 2026-06-16 |