Foscam C1 Hardcoded FTP Credentials (CVE-2016-8731)
Medium Nessus Network Monitor Plugin ID 700147
Synopsis
NNM observed at least one authentication session originating from this client address.
Description
Foscam C1 IP Camera installs with hardcoded default FTP user credentials. The 'r' account has a password of 'r'. This allows a remote attacker to trivially access the FTP service on port 50021 and gain access to the mounted Micro-SD card.
Solution
Exploitation relies on the availability of port 50021. Preventing access to this port or disabling FTP completely will help mitigate this vulnerability.