Arbitrary OS Command Execution via ONVIF SetDNS Method in Foscam Opticam i5 Devices

Arbitrary OS Command Execution via ONVIF SetDNS Method in Foscam Opticam i5 Devices

CVE-2018-19081 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field.

Learn more about our Web Application Penetration Testing UK.