Important Message from Foscam Digital Technologies Regarding US Sales & Service

Foscam.US (aka Foscam Digital Technologies and now Amcrest Technologies) is an independent United States based distributor of "Foscam" branded products. We have been offering telephone support, US local warranty and building the Foscam brand in the US for the past 7 years. Based on our experiences with Foscam and feedback from end users we have launched our own new and improved line of wireless IP cameras and security systems under the Amcrest brand. Working in partnership with the second largest security camera manufacturer in the world, Amcrest was founded with a deep commitment to end-user privacy and security, highly reliable software and hardware as well a seamless and intuitive user experience. For more information, please visit www.Amcrest.com

If you are having trouble with your Foscam cameras, we sincerely apologize for this inconvenience and would love to help. For technical support, response to inquiries and for obtaining replacements for any Foscam IP Cameras or NVR products, please reach out to tech@foscam.com or call 1-844-344-1113.

If you are interested in exchanging your Foscam camera for an Amcrest camera, we can offer you a massive loyalty discount, even if you are out of warranty. Please send an email to support@amcrest.com, sales@amcrest.com or call 1-888-212-7538

If you are subscribed to Foscam Cloud (www.foscamcloud.com), please contact cloud@foscam.us for support.

If you currently use the manufacturer's cloud service (www.myfoscam.com or linked in any way to www.foscam.com), you will need to contact them directly for support, at www.myfoscam.com.


MJPEG .54 Firmware Bug - User Logon Bypass

Users can ask and answer questions regarding Foscam IP Cameras

Moderators: mycam, FOSCAM

Re: MJPEG .54 Firmware Bug - User Logon Bypass

Postby TheUberOverLord » Sun Sep 28, 2014 9:01 pm

DaveGadgeteer wrote:My Foscam cameras test vulnerable to the Shellshock exploit.
I have seen nothing from Foscam addressing this enormous problem.
This Bash exploit allows executing anything at all, complete insecurity.
http://shellshock.brandonpotter.com/

1. You make no mention at all of what Foscam IP Camera models you tested or any specific URLs you used for testing. Yet you make sure you say: "This Bash exploit allows executing anything at all, complete insecurity". I find that rather amazing! Don't you?

Equally amazing! Is your only other post ever in this Forum says:

DaveGadgeteer wrote:Are you sure you waited long enough for the tests to finish? The interface is confusing.
I ran it yesterday, and every type (3) of Foscam camera I tried was found vulnerable!

It would appear that your only reason to make both of these post as your only posts in the Forum to date. Is to attempt to scare others. With your total lack of any specifics. But in this post, you make sure you say: "I ran it yesterday, and every type (3) of Foscam camera I tried was found vulnerable!". Which is not helpful in anyway.

'Nice try, but no cigar'

2. All my testing, for all Foscam IP Camera models. Has/have come back as not vulnerable with the URLs I used to test. Using the link above. It should be noted, that not all URLs might show as vulnerable.

But, it would help to know what Foscam IP Camera models you claim are vulnerable and what were the URLs you used to determine their vulnerability.

If your not willing to do that. Then I am calling FUD on this. Meaning you are trying to create. Fear, uncertainty and doubt. Because you have gone well out of your way to provide no specifics of any kind whatsoever. Also you have only posted twice in the Forum and in both posts make the same claim, with no specifics of any kind.

3. It's important to know how to read the test results. Just because the log might say "error" for this or that log item. All that means is that the attempt for that item failed. Which does not mean the URL in question is/was vulnerable. What's important are the words "No Vulnerabilities Found". Once the test completes for that URL.

Example:

ShellshockResults.png

Don
TheUberOverLord
 
Posts: 13110
Joined: Fri Jun 22, 2012 11:52 pm

Re: MJPEG .54 Firmware Bug - User Logon Bypass

Postby FOSCAM » Sun Sep 28, 2014 10:25 pm

DaveGadgeteer wrote:My Foscam cameras test vulnerable to the Shellshock exploit.
I have seen nothing from Foscam addressing this enormous problem.
This Bash exploit allows executing anything at all, complete insecurity.
http://shellshock.brandonpotter.com/


Hello DaveGadgeteer,

Our enginners have experimented our server and confirmed our products won't be voulnerable.

May I have your camera model and your current firmware version?

--Foscam Technical Support
FOSCAM
 
Posts: 766
Joined: Thu Nov 03, 2011 9:11 pm

Previous

Return to Technical Support

Who is online

Users browsing this forum: No registered users and 10 guests