CVE-2017-7648
moderate-risk
Published 2017-04-10
Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
Do I need to act?
-
0.62% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10
High
NETWORK
/ HIGH complexity
Affected Products (12)
C1
Fi9800Xe
Fi9828P
Fi9851P
Fi9903P
Fi9928P
C1 Lite
C2
Fi9826P
Fi9853Ep
Fi9901Ep
R2
Affected Vendors
References (2)
Third Party Advisory
http://www.securityfocus.com/archive/1/540388/30/0/threaded
Third Party Advisory
http://www.securityfocus.com/archive/1/540388/30/0/threaded
43
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
2/34 · Minimal
Exposure
17/34 · Moderate