High severity8.8NVD Advisory· Published Jun 29, 2017· Updated Jun 17, 2026
CVE-2017-2850
CVE-2017-2850
Description
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:o:foscam:c1_indoor_hd_camera_firmware:2.52.2.37:*:*:*:*:*:*:*
- Foscam/Indoor IP Camera C1 Seriesv5Range: n/a
Patches
Vulnerability mechanics
References
2- talosintelligence.com/vulnerability_reports/TALOS-2017-0352nvdTechnical DescriptionThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/99184nvdBroken Link
News mentions
0No linked articles in our index yet.