Sign-up

ID

VAR-201905-0839


CVE

CVE-2018-4014


TITLE

Roav A1 Dashcam Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-015433 // CNNVD: CNNVD-201905-319

DESCRIPTION

An exploitable code execution vulnerability exists in Wi-Fi Command 9999 of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. Roav A1 Dashcam Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Roav A1 Dashcam is a car HD camera. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.8

sources: NVD: CVE-2018-4014 // JVNDB: JVNDB-2018-015433 // VULHUB: VHN-134045 // VULMON: CVE-2018-4014

IOT TAXONOMY

category:['camera device']sub_category:dashcam

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:anker inmodel:roav dashcam a1scope:eqversion:roava1swv1.9

Trust: 1.0

vendor:anker innovationsmodel:roav dashcam a1scope:eqversion:roava1swv1.9

Trust: 0.8

sources: JVNDB: JVNDB-2018-015433 // NVD: CVE-2018-4014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4014
value: CRITICAL

Trust: 1.0

talos-cna@cisco.com: CVE-2018-4014
value: HIGH

Trust: 1.0

NVD: CVE-2018-4014
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201905-319
value: CRITICAL

Trust: 0.6

VULHUB: VHN-134045
value: HIGH

Trust: 0.1

VULMON: CVE-2018-4014
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4014
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134045
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4014
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2018-4014
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2018-4014
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-134045 // VULMON: CVE-2018-4014 // JVNDB: JVNDB-2018-015433 // CNNVD: CNNVD-201905-319 // NVD: CVE-2018-4014 // NVD: CVE-2018-4014

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-134045 // JVNDB: JVNDB-2018-015433 // NVD: CVE-2018-4014

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-319

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-319

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015433

PATCH
title:Top Pageurl:http://www.anker-in.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-015433

EXTERNAL IDS
db:NVDid:CVE-2018-4014
Trust: 2.7
db:TALOSid:TALOS-2018-0685
Trust: 2.6
db:JVNDBid:JVNDB-2018-015433
Trust: 0.8
db:CNNVDid:CNNVD-201905-319
Trust: 0.7
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-134045
Trust: 0.1
db:VULMONid:CVE-2018-4014
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-134045 // 
            
            
            
            VULMON: CVE-2018-4014 // 
            
            
            
            JVNDB: JVNDB-2018-015433 // 
            
            
            
            CNNVD: CNNVD-201905-319 // 
            
            
            
            NVD: CVE-2018-4014

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0685
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-4014
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4014
Trust: 0.8
url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0685
Trust: 0.6
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/787.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-134045 // 
            
            
            
            VULMON: CVE-2018-4014 // 
            
            
            
            JVNDB: JVNDB-2018-015433 // 
            
            
            
            CNNVD: CNNVD-201905-319 // 
            
            
            
            NVD: CVE-2018-4014

CREDITS
Discovered by Lilith ?\_( ツ )_/? of Cisco Talos.,Lilith ?\_( ツ )_/? of Cisco Talos.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201905-319

SOURCES
db:OTHERid: - 
db:VULHUBid:VHN-134045
db:VULMONid:CVE-2018-4014
db:JVNDBid:JVNDB-2018-015433
db:CNNVDid:CNNVD-201905-319
db:NVDid:CVE-2018-4014

LAST UPDATE DATE
2025-01-30T21:11:24.070000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134045date:2020-08-24T00:00:00
db:VULMONid:CVE-2018-4014date:2022-06-07T00:00:00
db:JVNDBid:JVNDB-2018-015433date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-319date:2020-08-25T00:00:00
db:NVDid:CVE-2018-4014date:2024-11-21T04:06:29.947

SOURCES RELEASE DATE
db:VULHUBid:VHN-134045date:2019-05-13T00:00:00
db:VULMONid:CVE-2018-4014date:2019-05-13T00:00:00
db:JVNDBid:JVNDB-2018-015433date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-319date:2019-05-13T00:00:00
db:NVDid:CVE-2018-4014date:2019-05-13T16:29:00.460