Insecure Permissions on /mnt/mtd/boot.sh Allows Local Command Execution
CVE-2018-19071 · MEDIUM Severity
AV:L/AC:L/AU:N/C:P/I:P/A:P
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up.
Learn more about our User Device Pen Test.