Arbitrary OS Command Execution Vulnerability in Foscam C2 and Opticam i5 Devices

CVE-2018-19073 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access.

Learn more about our Web Application Penetration Testing UK.