RSS   Vulnerabilities for 'Momentum axel 720p firmware'   RSS

2018-06-13
 
CVE-2018-12323

CWE-798
 

 
An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console.

 
2018-06-12
 
CVE-2018-12261

CWE-732
 

 
An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root.

 
 
CVE-2018-12260

CWE-522
 

 
An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices

 
 
CVE-2018-12259

CWE-732
 

 
An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise.

 
 
CVE-2018-12258

CWE-noinfo
 

 
An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting.

 
 
CVE-2018-12257

CWE-295
 

 
An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation by changing the nameservers in /etc/resolv.conf to the attacker's server, and serving the expected HTTPS response containing new firmware for the device to download.

 
2018-04-24
 
CVE-2018-10328

CWE-798
 

 
Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream.

 

 >>> Vendor: Apollotechnologiesinc 2 Products
Momentum axel 720p firmware
Momentum axel 720p


Copyright 2021, cxsecurity.com

 

Back to Top