Sign-up

ID

VAR-201905-0842


CVE

CVE-2018-4018


TITLE

Anker Roav A1 Dashcam Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015448

DESCRIPTION

An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or upgrade firmware request to trigger this vulnerability. Anker Roav A1 Dashcam Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Novatek NT9665X Chipset is a chip for camera equipment. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.8

sources: NVD: CVE-2018-4018 // JVNDB: JVNDB-2018-015448 // VULHUB: VHN-134049 // VULMON: CVE-2018-4018

AFFECTED PRODUCTS

vendor:anker inmodel:roav dashcam a1scope:eqversion:1.9

Trust: 1.0

vendor:anker innovationsmodel:roav dashcam a1scope:eqversion:roava1swv1.9

Trust: 0.8

sources: JVNDB: JVNDB-2018-015448 // NVD: CVE-2018-4018

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4018
value: CRITICAL

Trust: 1.0

talos-cna@cisco.com: CVE-2018-4018
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-4018
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201905-324
value: CRITICAL

Trust: 0.6

VULHUB: VHN-134049
value: HIGH

Trust: 0.1

VULMON: CVE-2018-4018
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4018
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134049
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4018
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2018-4018
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2018-4018
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-134049 // VULMON: CVE-2018-4018 // JVNDB: JVNDB-2018-015448 // CNNVD: CNNVD-201905-324 // NVD: CVE-2018-4018 // NVD: CVE-2018-4018

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-134049 // JVNDB: JVNDB-2018-015448 // NVD: CVE-2018-4018

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-324

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201905-324

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015448

PATCH
title:Roav DashCam A1url:https://goroav.com/products/roav-dash-cam-a1
Trust: 0.8
title:NT9665X Chipset Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92489
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-015448 // 
            
            
            
            CNNVD: CNNVD-201905-324

EXTERNAL IDS
db:TALOSid:TALOS-2018-0689
Trust: 2.6
db:NVDid:CVE-2018-4018
Trust: 2.6
db:JVNDBid:JVNDB-2018-015448
Trust: 0.8
db:CNNVDid:CNNVD-201905-324
Trust: 0.7
db:VULHUBid:VHN-134049
Trust: 0.1
db:VULMONid:CVE-2018-4018
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134049 // 
            
            
            
            VULMON: CVE-2018-4018 // 
            
            
            
            JVNDB: JVNDB-2018-015448 // 
            
            
            
            CNNVD: CNNVD-201905-324 // 
            
            
            
            NVD: CVE-2018-4018

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0689
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-4018
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4018
Trust: 0.8
url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0689
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134049 // 
            
            
            
            VULMON: CVE-2018-4018 // 
            
            
            
            JVNDB: JVNDB-2018-015448 // 
            
            
            
            CNNVD: CNNVD-201905-324 // 
            
            
            
            NVD: CVE-2018-4018

CREDITS
Discovered by Lilith (<_<) of Cisco Talos. http://talosintelligence.com/vulnerability-reports/ Timeline 2018-10-29 - Talos contacts vendor 2018-11-02 - Report disclosed to vendor 2018-12-04 - 30 day follow up 2019-01-18 - 60 day follow up - Talos reaches out to TWNCERT for assistance reaching vendor (Novatek)>br> 2019-01-22 - TWNCERT contacted Novatek and advised Novatek will check emails for reports 2019-03-06 - 90+ day follow up - Talos asks TWNCERT for direct point of contact for Novatek 2019-03-27 - Talos sends follow up to TWNCERT 2019-04-02 - Talos sends copies of email correspondence and reports to TWNCERT 2019-04-18 - Suggested pubic disclosure date of 2019-05-13 (171 days after initial disclosure) 2019-04-19 - Vendor fixed issue and provided patch to their IDH 2019-05-13 - Public disclosure Credit Discovered by Lilith (<_<) of Cisco Talos.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201905-324

SOURCES
db:VULHUBid:VHN-134049
db:VULMONid:CVE-2018-4018
db:JVNDBid:JVNDB-2018-015448
db:CNNVDid:CNNVD-201905-324
db:NVDid:CVE-2018-4018

LAST UPDATE DATE
2024-11-23T22:44:59.245000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134049date:2019-05-16T00:00:00
db:VULMONid:CVE-2018-4018date:2022-06-07T00:00:00
db:JVNDBid:JVNDB-2018-015448date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-324date:2022-06-08T00:00:00
db:NVDid:CVE-2018-4018date:2024-11-21T04:06:30.560

SOURCES RELEASE DATE
db:VULHUBid:VHN-134049date:2019-05-13T00:00:00
db:VULMONid:CVE-2018-4018date:2019-05-13T00:00:00
db:JVNDBid:JVNDB-2018-015448date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-324date:2019-05-13T00:00:00
db:NVDid:CVE-2018-4018date:2019-05-13T16:29:00.647