Vulnerability CVE-2018-4028


Published: 2019-05-13

Description:
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POST request to trigger this vulnerability.

Type:

CWE-275

(Permission Issues)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Anker-in -> Roav dashcam a1 firmware 

 References:
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0700

Copyright 2020, cxsecurity.com

 

Back to Top