CVE Vulnerabilities

CVE-2018-12258

Published: Jun 12, 2018 | Modified: Oct 03, 2019
CVSS 3.x
6.8
MEDIUM
Source:
NVD
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name ezviz.dav and rebooting.

Affected Software

Name Vendor Start Version End Version
Momentum_axel_720p_firmware Apollotechnologiesinc 5.1.8 5.1.8

References