CVE-2018-12258

EUVD-2018-4236
An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
apollotechnologiesincmomentum_axel_720p_firmware
5.1.8
𝑥
= Vulnerable software versions
References
https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf
https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf