An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting.
References
Link | Resource |
---|---|
https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:22:08
Updated: 2022-10-03T16:22:08
Reserved: 2022-10-03T00:00:00
Link: CVE-2018-12258
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-12T18:29:00.583
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-12258
JSON object: View
Redhat Information
No data.
CWE