CVE-2018-4028

Name of the Vulnerable Software and Affected Versions Anker Roav A1 Dashcam version RoavA1SWV1.9

Description A firmware update issue exists in the NT9665X Chipset firmware. The HTTP server is vulnerable, allowing an attacker to overwrite the root directory of the server. This can result in a denial of service. An attacker can exploit this by sending an HTTP POST request to a vulnerable endpoint, such as / or another unspecified endpoint.

Recommendations For version RoavA1SWV1.9, as a temporary workaround, consider restricting access to the HTTP server until a patch is available. Avoid using the vulnerable firmware update mechanism until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.