Vulnerability CVE-2018-20342


Published: 2018-12-21

Description:
The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Floureon -> Sp012 

 References:
http://neolex-security.fr/article/obtenir-un-shell-root-par-les-ports-uart-sur-une-camera-ip-floureon/
https://neolex-security.fr/blog/7/
https://neolex-security.fr/blog/8/

Copyright 2024, cxsecurity.com

 

Back to Top