Sign-up

ID

VAR-201806-0712


CVE

CVE-2018-12260


TITLE

Momentum Axel 720P Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-006342

DESCRIPTION

An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices. Momentum Axel 720P Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. There is a security vulnerability in the MomentumAxel720P5.1.8 release

Trust: 2.25

sources: NVD: CVE-2018-12260 // JVNDB: JVNDB-2018-006342 // CNVD: CNVD-2018-22560 // VULHUB: VHN-122202

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-22560

AFFECTED PRODUCTS

vendor:apollotechnologiesincmodel:momentum axel 720pscope:eqversion:5.1.8

Trust: 2.2

vendor:apollo tech usamodel:momentum axel 720pscope:eqversion:5.1.8

Trust: 0.8

sources: CNVD: CNVD-2018-22560 // JVNDB: JVNDB-2018-006342 // CNNVD: CNNVD-201806-715 // NVD: CVE-2018-12260

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12260
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12260
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-22560
value: LOW

Trust: 0.6

CNNVD: CNNVD-201806-715
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122202
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-12260
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-22560
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-122202
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12260
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-22560 // VULHUB: VHN-122202 // JVNDB: JVNDB-2018-006342 // CNNVD: CNNVD-201806-715 // NVD: CVE-2018-12260

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-122202 // JVNDB: JVNDB-2018-006342 // NVD: CVE-2018-12260

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201806-715

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201806-715

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006342

PATCH
title:Top Pageurl:https://momentumcam.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-006342

EXTERNAL IDS
db:NVDid:CVE-2018-12260
Trust: 3.1
db:JVNDBid:JVNDB-2018-006342
Trust: 0.8
db:CNNVDid:CNNVD-201806-715
Trust: 0.7
db:CNVDid:CNVD-2018-22560
Trust: 0.6
db:VULHUBid:VHN-122202
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-22560 // 
            
            
            
            VULHUB: VHN-122202 // 
            
            
            
            JVNDB: JVNDB-2018-006342 // 
            
            
            
            CNNVD: CNNVD-201806-715 // 
            
            
            
            NVD: CVE-2018-12260

REFERENCES
url:https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-12260
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12260
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-22560 // 
            
            
            
            VULHUB: VHN-122202 // 
            
            
            
            JVNDB: JVNDB-2018-006342 // 
            
            
            
            CNNVD: CNNVD-201806-715 // 
            
            
            
            NVD: CVE-2018-12260

SOURCES
db:CNVDid:CNVD-2018-22560
db:VULHUBid:VHN-122202
db:JVNDBid:JVNDB-2018-006342
db:CNNVDid:CNNVD-201806-715
db:NVDid:CVE-2018-12260

LAST UPDATE DATE
2024-11-23T22:34:15.747000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-22560date:2018-11-06T00:00:00
db:VULHUBid:VHN-122202date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-006342date:2018-08-17T00:00:00
db:CNNVDid:CNNVD-201806-715date:2019-10-23T00:00:00
db:NVDid:CVE-2018-12260date:2024-11-21T03:44:52.770

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-22560date:2018-11-06T00:00:00
db:VULHUBid:VHN-122202date:2018-06-12T00:00:00
db:JVNDBid:JVNDB-2018-006342date:2018-08-17T00:00:00
db:CNNVDid:CNNVD-201806-715date:2018-06-13T00:00:00
db:NVDid:CVE-2018-12260date:2018-06-12T18:29:00.677