CVE-2018-20050

Name of the Vulnerable Software and Affected Versions Jooan JA-Q1H Wi-Fi camera version 21.0.0.91

Description The issue is related to the mishandling of an empty string, which allows remote attackers to cause a denial of service, resulting in the camera crashing and rebooting. This can be achieved via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method.

Recommendations For Jooan JA-Q1H Wi-Fi camera version 21.0.0.91, as a temporary workaround, consider disabling the ONVIF protocol until a patch is available. Restrict access to the GetStreamUri and GetVideoEncoderConfigurationOptions methods to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.