Foscam C1 IP Camera FTP Hard Coded Password

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote host is running an FTP server that is using a hard-coded
password.

Description :

Nessus was able to log in to the remote FTP server, using the
username 'r' with the password 'r', and identify the remote server as
a vulnerable Foscam C1 IP Camera. A remote attacker can exploit this
to access its FTP service and the mounted Micro-SD card.

See also :

https://www.talosintelligence.com/reports/TALOS-2016-0245/
http://blog.talosintelligence.com/2017/06/foscam-vuln-details.html

Solution :

Update to firmware version V-2.x.2.43 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.1
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 101547

Bugtraq ID: 99193

CVE ID: CVE-2016-8731
