Foscam C1 IP cameras are vulnerable to remote code execution


Claudio Bozzato, a security researcher from Cisco, has discovered a dozen critical vulnerabilities affecting Foscam C1 IP cameras. The Foscam C1 is one of the most commonly used IP cameras, and these devices are usually deployed in sensitive locations.

According to the researcher:
“Foscam produces a series of IP-capable surveillance devices, network video recorders, and baby monitors for the end-user. Foscam produces a range of cameras for both indoor and outdoor use and with wireless capability. One of these models is the C1 series which contains a web-based user interface for management and is based on the arm architecture. Foscam is considered one of the most common security cameras out on the current market.”

The vulnerabilities exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43.

These flaws could lead to information exposure and remote code execution (RCE), and one of them allows unsigned firmware images to be uploaded to vulnerable devices.

The flaws were reported to Foscam on July 13, 2017, and the team said that the vendor will release a firmware update to fix them.

Users are advised to install the updates when they are made available.


Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.
