CVE-2018-20342

The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
VendorProductVersion
floureonsp012
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://neolex-security.fr/article/obtenir-un-shell-root-par-les-ports-uart-sur-une-camera-ip-floureon/
https://neolex-security.fr/blog/8/
https://neolex-security.fr/blog/7/
http://neolex-security.fr/article/obtenir-un-shell-root-par-les-ports-uart-sur-une-camera-ip-floureon/
https://neolex-security.fr/blog/8/