Details of VAR-201812-0753

ID

VAR-201812-0753

CVE

CVE-2018-20342

TITLE

Floureon IP Camera SP012 Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-014395

DESCRIPTION

The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges. Floureon IP Camera SP012 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.62

sources: NVD: CVE-2018-20342 // JVNDB: JVNDB-2018-014395

IOT TAXONOMY

category:

['camera device']

sub_category:

IP camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	floureon	model:	sp012	scope:	eq	version:	-	Trust: 1.0
vendor:	aiti feier e commerce	model:	floureon sp012	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-014395 // NVD: CVE-2018-20342

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20342
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-20342
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201812-1001
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2018-20342
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2018-20342
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: JVNDB: JVNDB-2018-014395 // CNNVD: CNNVD-201812-1001 // NVD: CVE-2018-20342

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2018-014395 // NVD: CVE-2018-20342

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201812-1001

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014395

PATCH

title:

Top Page

url:

http://www.floureon.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-014395

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20342	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-014395	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-1001	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2018-014395 // CNNVD: CNNVD-201812-1001 // NVD: CVE-2018-20342

REFERENCES

url:	https://neolex-security.fr/blog/8/	Trust: 2.4
url:	https://neolex-security.fr/blog/7/	Trust: 2.4
url:	http://neolex-security.fr/article/obtenir-un-shell-root-par-les-ports-uart-sur-une-camera-ip-floureon/	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20342	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20342	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2018-014395 // CNNVD: CNNVD-201812-1001 // NVD: CVE-2018-20342

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2018-014395
db:	CNNVD	id:	CNNVD-201812-1001
db:	NVD	id:	CVE-2018-20342

LAST UPDATE DATE

2025-01-30T21:23:59.488000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2018-014395	date:	2019-03-19T00:00:00
db:	CNNVD	id:	CNNVD-201812-1001	date:	2019-10-08T00:00:00
db:	NVD	id:	CVE-2018-20342	date:	2024-11-21T04:01:16.767

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2018-014395	date:	2019-03-19T00:00:00
db:	CNNVD	id:	CNNVD-201812-1001	date:	2018-12-24T00:00:00
db:	NVD	id:	CVE-2018-20342	date:	2018-12-21T18:29:04.493