Sign-up

ID

VAR-201806-0711


CVE

CVE-2018-12259


TITLE

Momentum Axel 720P Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-006341

DESCRIPTION

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise. Momentum Axel 720P Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. There is a security vulnerability in the MomentumAxel720P5.1.8 release. The attacker can use the UARTpin code to exploit the vulnerability to gain root privileges, thus giving complete control of the system

Trust: 2.25

sources: NVD: CVE-2018-12259 // JVNDB: JVNDB-2018-006341 // CNVD: CNVD-2018-22747 // VULHUB: VHN-122200

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-22747

AFFECTED PRODUCTS

vendor:apollotechnologiesincmodel:momentum axel 720pscope:eqversion:5.1.8

Trust: 2.2

vendor:apollo tech usamodel:momentum axel 720pscope:eqversion:5.1.8

Trust: 0.8

sources: CNVD: CNVD-2018-22747 // JVNDB: JVNDB-2018-006341 // CNNVD: CNNVD-201806-716 // NVD: CVE-2018-12259

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12259
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12259
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-22747
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201806-716
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122200
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-12259
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-22747
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-122200
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12259
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-22747 // VULHUB: VHN-122200 // JVNDB: JVNDB-2018-006341 // CNNVD: CNNVD-201806-716 // NVD: CVE-2018-12259

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-122200 // JVNDB: JVNDB-2018-006341 // NVD: CVE-2018-12259

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201806-716

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201806-716

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006341

PATCH
title:Top Pageurl:https://momentumcam.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-006341

EXTERNAL IDS
db:NVDid:CVE-2018-12259
Trust: 3.1
db:JVNDBid:JVNDB-2018-006341
Trust: 0.8
db:CNNVDid:CNNVD-201806-716
Trust: 0.7
db:CNVDid:CNVD-2018-22747
Trust: 0.6
db:VULHUBid:VHN-122200
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-22747 // 
            
            
            
            VULHUB: VHN-122200 // 
            
            
            
            JVNDB: JVNDB-2018-006341 // 
            
            
            
            CNNVD: CNNVD-201806-716 // 
            
            
            
            NVD: CVE-2018-12259

REFERENCES
url:https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-12259
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12259
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-22747 // 
            
            
            
            VULHUB: VHN-122200 // 
            
            
            
            JVNDB: JVNDB-2018-006341 // 
            
            
            
            CNNVD: CNNVD-201806-716 // 
            
            
            
            NVD: CVE-2018-12259

SOURCES
db:CNVDid:CNVD-2018-22747
db:VULHUBid:VHN-122200
db:JVNDBid:JVNDB-2018-006341
db:CNNVDid:CNNVD-201806-716
db:NVDid:CVE-2018-12259

LAST UPDATE DATE
2024-11-23T22:48:42.428000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-22747date:2018-11-08T00:00:00
db:VULHUBid:VHN-122200date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-006341date:2018-08-17T00:00:00
db:CNNVDid:CNNVD-201806-716date:2019-10-23T00:00:00
db:NVDid:CVE-2018-12259date:2024-11-21T03:44:52.630

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-22747date:2018-11-08T00:00:00
db:VULHUBid:VHN-122200date:2018-06-12T00:00:00
db:JVNDBid:JVNDB-2018-006341date:2018-08-17T00:00:00
db:CNNVDid:CNNVD-201806-716date:2018-06-13T00:00:00
db:NVDid:CVE-2018-12259date:2018-06-12T18:29:00.630