PT-2018-11082 · Momentum · Momentum Axel 720P

Published

2018-06-12

Updated

2019-10-03

CVE-2018-12258

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Momentum Axel 720P version 5.1.8

Description An issue allows custom firmware upgrade via an SD card. With physical access, an attacker can upgrade the firmware quickly by inserting an SD card containing the firmware with name ezviz.dav and rebooting.

Recommendations For version 5.1.8, as a temporary workaround, consider restricting physical access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-12258

Affected Products

Momentum Axel 720P

PT-2018-11082 · Momentum · Momentum Axel 720P

CVE-2018-12258

Related Identifiers

Affected Products

References · 3