Unrated severityNVD Advisory· Published Apr 21, 2022· Updated Aug 3, 2024

CVE-2022-28743

Description

Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Foscam R2C IP camera running System FW <= 1.13.1.6, and Application FW <= 2.91.2.66, allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions. With root access to the camera's Linux OS, an attacker could effectively change the code that is running, add backdoor access, or invade the privacy of the user by accessing the live camera stream.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Foscam/R2C IP cameradescription
Foscam/R2Cllm-create
Range: <=1.13.1.6 (System FW) / <=2.91.2.66 (Application FW)

Patches

Vulnerability mechanics

References

www.trellix.com/en-us/about/newsroom/stories/threat-labs/keeping-a-critical-eye-on-iot-devices.htmlmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000