PT-2019-10759 · Newtec+1 · Nt9665X Chipset+1

Published

2019-05-13

Updated

2022-06-07

CVE-2018-4026

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Anker Roav A1 Dashcam version RoavA1SWV1.9

Description A denial-of-service issue exists in the XML GetScreen Wi-Fi command of the NT9665X Chipset firmware. It can be exploited by sending a specially crafted set of packets, causing an invalid memory dereference that results in a device reboot.

Recommendations For version RoavA1SWV1.9, consider disabling the XML GetScreen Wi-Fi command as a temporary workaround until a patch is available. Restrict access to this command to minimize the risk of exploitation.

Exploit

Fix

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754

Related Identifiers

CVE-2018-4026

Affected Products

Anker Roav A1 Dashcam

Nt9665X Chipset

PT-2019-10759 · Newtec+1 · Nt9665X Chipset+1

CVE-2018-4026

Weakness Enumeration

Related Identifiers

Affected Products

References · 3