Anyone else get this? (I have purchased cameras from the Foscam website in the past - I believe it is now called Armcrest). They say in the letter that these vulnerabilities do NOT affect Armcrest branded cameras. However, I don't think that is true as one of the vulnerabilities listed (INSECURE DEFAULT CREDENTIALS (CWE-255)) is non-random default password/username and some, or all, Armcrest cameras use admin/admin as the default username/password combo.
We wanted to reach out as soon as possible to inform you of recently discovered security vulnerabilities affecting "Foscam" branded cameras manufactured by China-based Shenzhen Foscam. Foscam US has been notified of 18 security vulnerabilities that exist on cameras manufactured by Shenzhen Foscam which leave users vulnerable to hacks which allow attackers to remotely take-over cameras, live stream, download stored files and even compromise other devices located on the local network. (Source: F-Secure Report available here).
The vulnerabilities affect "Foscam" branded cameras and cameras manufactured by China-based Shenzhen Foscam only. The vulnerabilities DO NOT affect Amcrest or FDT branded cameras which are produced by a separate factory and R&D team led by US-based Amcrest (formerly Foscam US and now Amcrest), which is totally unrelated to China-based Shenzhen Foscam.
Amcrest split off from China-based Shenzhen Foscam in 2015 / 2016 due to issues relating to distribution, lack of security and quality control and thus Amcrest and FDT cameras are totally unaffected by these latest security vulnerabilities.
The models affected include the following:
Foscam R2
Foscam C1
Foscam C1 Lite
Foscam C2
Foscam FI9800
Foscam FI9826P
Foscam FI9828P
Foscam FI9851P
Foscam FI9853EP
Foscam FI9901EP
Foscam FI9903P
Foscam FI9928P
Last edited: