Vulnerabilities in Foscam C1 Indoor Series Cameras

A researcher at Cisco Talos discovered several vulnerabilities in the Foscam C1 indoor HD camera that could allow threat actors remote access to affected devices. This network-based camera is marketed for indoor use and is commonly deployed in home settings to monitor children and pets. If exploited, the disclosed vulnerabilities could allow attackers unauthorized access to sensitive device information including the MAC address, camera name, and firmware version, as well as the ability to reset user accounts without a valid authResetKey. Foscam C1 cameras running system firmware version 1.9.3.18 and application firmware version 2.52.2.43 are affected. The NJCCIC recommends all users and administrators of affected Foscam C1 cameras apply the firmware update released by Foscam as soon as possible.