ID

VAR-201806-0710


CVE

CVE-2018-12258


TITLE

Momentum Axel 720P Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-006340

DESCRIPTION

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting. Momentum Axel 720P contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The Momentum Axel 720P is a dual-band HD camera that supports WiFi connectivity. There is a security vulnerability in the Momentum Axel 720P 5.1.8 release

Trust: 2.25

sources: NVD: CVE-2018-12258 // JVNDB: JVNDB-2018-006340 // CNVD: CNVD-2018-22562 // VULHUB: VHN-122199

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-22562

AFFECTED PRODUCTS

vendor: apollotechnologiesinc, model: momentum axel 720p, scope: eq, version: 5.1.8

Trust: 2.2

vendor: apollo tech usa, model: momentum axel 720p, scope: eq, version: 5.1.8

Trust: 0.8

sources: CNVD: CNVD-2018-22562 // JVNDB: JVNDB-2018-006340 // CNNVD: CNNVD-201806-717 // NVD: CVE-2018-12258

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12258
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12258
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-22562
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201806-717
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122199
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-12258
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-22562
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-122199
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12258
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-22562 // VULHUB: VHN-122199 // JVNDB: JVNDB-2018-006340 // CNNVD: CNNVD-201806-717 // NVD: CVE-2018-12258

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-264

Trust: 0.9

sources: VULHUB: VHN-122199 // JVNDB: JVNDB-2018-006340 // NVD: CVE-2018-12258

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201806-717

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201806-717

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006340

PATCH

title: Top Page, url: https://momentumcam.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-006340

EXTERNAL IDS

db: NVD, id: CVE-2018-12258

Trust: 3.1

db: JVNDB, id: JVNDB-2018-006340

Trust: 0.8

db: CNNVD, id: CNNVD-201806-717

Trust: 0.7

db: CNVD, id: CNVD-2018-22562

Trust: 0.6

db: VULHUB, id: VHN-122199

Trust: 0.1

sources: CNVD: CNVD-2018-22562 // VULHUB: VHN-122199 // JVNDB: JVNDB-2018-006340 // CNNVD: CNNVD-201806-717 // NVD: CVE-2018-12258

REFERENCES

url: https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2018-12258

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12258

Trust: 0.8

sources: CNVD: CNVD-2018-22562 // VULHUB: VHN-122199 // JVNDB: JVNDB-2018-006340 // CNNVD: CNNVD-201806-717 // NVD: CVE-2018-12258

SOURCES

db: CNVD, id: CNVD-2018-22562
db: VULHUB, id: VHN-122199
db: JVNDB, id: JVNDB-2018-006340
db: CNNVD, id: CNNVD-201806-717
db: NVD, id: CVE-2018-12258

LAST UPDATE DATE

2024-11-23T22:38:08.097000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-22562, date: 2018-11-06T00:00:00
db: VULHUB, id: VHN-122199, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-006340, date: 2018-08-17T00:00:00
db: CNNVD, id: CNNVD-201806-717, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-12258, date: 2024-11-21T03:44:52.493

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-22562, date: 2018-11-06T00:00:00
db: VULHUB, id: VHN-122199, date: 2018-06-12T00:00:00
db: JVNDB, id: JVNDB-2018-006340, date: 2018-08-17T00:00:00
db: CNNVD, id: CNNVD-201806-717, date: 2018-06-13T00:00:00
db: NVD, id: CVE-2018-12258, date: 2018-06-12T18:29:00.583