CVE-2018-4018

Опубликовано: 13 мая 2019

Источник: nvd

CVSS3: 10

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or upgrade firmware request to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0689
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0689
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:anker-in:roav_dashcam_a1_firmware:1.9:*:*:*:*:*:*:*

cpe:2.3:h:anker-in:roav_dashcam_a1:-:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00426

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-v2pp-7fp2-vfjg

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 62%

0.00426

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

NVD-CWE-noinfo