SynopsisNNM observed at least one authentication session originating from this client address.
DescriptionFoscam C1 IP Camera installs with hardcoded default FTP user credentials. The 'r' account has a password of 'r'. This allows a remote attacker to trivially access the FTP service on port 50021 and gain access to the mounted Micro-SD card.
SolutionExploitation relies on the availability of port 50021. Preventing access to this port or disabling FTP completely will help mitigate this vulnerability.