Foscam C1 IP cameras are vulnerable to remote code execution

Claudio Bozzato (security researcher from Cisco) has discovered a dozen of critical vulnerabilities affecting the Foscam C1 IP cameras. The Foscam C1 is one of the most commonly used IP cameras, they are usually used in sensitive locations.

According to the researcher:
“Foscam produces a series of IP-capable surveillance devices, network video recorders, and baby monitors for the end-user. Foscam produces a range of cameras for both indoor and outdoor use and with wireless capability. One of these models is the C1 series which contains a web-based user interface for management and is based on the arm architecture. Foscam is considered one of the most common security cameras out on the current market.”

The vulnerabilities are existing in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43.

These flaws could lead to information exposure and remote code execution (RCE), as well as a vulnerability that enables unsigned firmware images to be uploaded to the vulnerable devices.

The flaws have been reported to Foscam on July 13, 2017, and the team said that the vendor will release a firmware update to fix them.

Users are recommended to install the updates when they are made available.

Related posts

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients

Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Websites