Arbitrary OS Command Execution Vulnerability in Foscam C2 and Opticam i5 Devices

Arbitrary OS Command Execution Vulnerability in Foscam C2 and Opticam i5 Devices

CVE-2018-19070 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action.

Learn more about our Web Application Penetration Testing UK.