Insecure Permissions on /mnt/mtd/boot.sh Allows Local Command Execution

CVE-2018-19071 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up.

Learn more about our User Device Pen Test.