Advisory:               FOSCAM Wireless IP Camera - SSID XSS
Author:                 Liad Mizrachi
Vendor URL:             http://www.foscam.com/
Vulnerability Status:   No Fix
CVE-ID:                 CVE-2013-5215

==========================
Vulnerability Description
==========================
FOSCAM's Web UI "WiFi scan" option is vulnerable to XSS using a custom AP SSID.


==========================
PoC
==========================

Setup wireless access point and set SSID with the _javascript_ code.
- SSID must start with ' (Apostrophe).
- SSID must end with // (comment).


==========================
Disclosure Timeline
==========================

20-Aug-2013 - Vendor informed by mail
21-Aug-2013 - Reply from FosCam Support, moved to R&D team.
08-Sep-2013 - Requesting the vendor for update on the issue.
08-Sep-2013 - Reply From Vendor: no fix will be issue.


==========================
References
==========================http://www.foscam.com/https://vimeo.com/72786679
[PoC Demo]