CVE-2018-12258

Name of the Vulnerable Software and Affected Versions Momentum Axel 720P version 5.1.8

Description An issue allows custom firmware upgrade via an SD card. With physical access, an attacker can upgrade the firmware quickly by inserting an SD card containing the firmware with name ezviz.dav and rebooting.

Recommendations For version 5.1.8, as a temporary workaround, consider restricting physical access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.