PT-2018-18895 · Axis · Axis M1033-W

Published

2018-04-01

Updated

2018-05-15

CVE-2018-9158

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions AXIS M1033-W (IP camera) Firmware version 5.40.5.1

Description The issue concerns a lack of a suitable mechanism to prevent a Denial of Service (DoS) attack, resulting in a response time delay. An attacker can exploit this by using the hping3 tool to perform an IPv4 flood attack, which interrupts services for the duration of the attack.

Recommendations For AXIS M1033-W (IP camera) Firmware version 5.40.5.1, consider implementing network traffic filtering to restrict incoming IPv4 flood attacks as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-9158

Affected Products

Axis M1033-W

PT-2018-18895 · Axis · Axis M1033-W

CVE-2018-9158

Weakness Enumeration

Related Identifiers

Affected Products

References · 3