CVE-2013-2560

high

Published 2013-03-15 · Modified 2026-04-29

CVSS v3

—

CVSS v2

7.8

VIR risk

7.8

Description

Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

http://archives.neohapsis.com/archives/bugtraq/2013-03/0080.html
http://archives.neohapsis.com/archives/bugtraq/2013-03/0080.html

CWEs

CWE-22

Verify integrity in audit chain (admin only). AS-IS.