Sign-up

ID

VAR-201905-0848


CVE

CVE-2018-4028


TITLE

Anker Roav A1 Dashcam Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015442

DESCRIPTION

An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POST request to trigger this vulnerability. Anker Roav A1 Dashcam Contains a permission vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Novatek NT9665X Chipset is a chip for camera equipment. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products

Trust: 1.71

sources: NVD: CVE-2018-4028 // JVNDB: JVNDB-2018-015442 // VULHUB: VHN-134059

AFFECTED PRODUCTS

vendor:anker inmodel:roav dashcam a1scope:eqversion:1.9

Trust: 1.0

vendor:anker innovationsmodel:roav dashcam a1scope:eqversion:roava1swv1.9

Trust: 0.8

sources: JVNDB: JVNDB-2018-015442 // NVD: CVE-2018-4028

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4028
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2018-4028
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4028
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-328
value: HIGH

Trust: 0.6

VULHUB: VHN-134059
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4028
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134059
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4028
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2018-4028
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2018-4028
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-134059 // JVNDB: JVNDB-2018-015442 // CNNVD: CNNVD-201905-328 // NVD: CVE-2018-4028 // NVD: CVE-2018-4028

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-275

Trust: 0.9

sources: VULHUB: VHN-134059 // JVNDB: JVNDB-2018-015442 // NVD: CVE-2018-4028

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-328

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201905-328

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015442

PATCH
title:Roav DashCam A1url:https://goroav.com/products/roav-dash-cam-a1
Trust: 0.8
title:NT9665X Chipset Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92493
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-015442 // 
            
            
            
            CNNVD: CNNVD-201905-328

EXTERNAL IDS
db:TALOSid:TALOS-2018-0700
Trust: 2.5
db:NVDid:CVE-2018-4028
Trust: 2.5
db:JVNDBid:JVNDB-2018-015442
Trust: 0.8
db:CNNVDid:CNNVD-201905-328
Trust: 0.7
db:VULHUBid:VHN-134059
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134059 // 
            
            
            
            JVNDB: JVNDB-2018-015442 // 
            
            
            
            CNNVD: CNNVD-201905-328 // 
            
            
            
            NVD: CVE-2018-4028

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0700
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-4028
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4028
Trust: 0.8
url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0700
Trust: 0.6
sources:
            
            
            VULHUB: VHN-134059 // 
            
            
            
            JVNDB: JVNDB-2018-015442 // 
            
            
            
            CNNVD: CNNVD-201905-328 // 
            
            
            
            NVD: CVE-2018-4028

CREDITS
Discovered by Lilith (<_<) of Cisco Talos.,Lilith (<_<) of Cisco Talos.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201905-328

SOURCES
db:VULHUBid:VHN-134059
db:JVNDBid:JVNDB-2018-015442
db:CNNVDid:CNNVD-201905-328
db:NVDid:CVE-2018-4028

LAST UPDATE DATE
2024-11-23T22:55:32.900000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134059date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-015442date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-328date:2020-08-25T00:00:00
db:NVDid:CVE-2018-4028date:2024-11-21T04:06:33.143

SOURCES RELEASE DATE
db:VULHUBid:VHN-134059date:2019-05-13T00:00:00
db:JVNDBid:JVNDB-2018-015442date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-328date:2019-05-13T00:00:00
db:NVDid:CVE-2018-4028date:2019-05-13T16:29:01.023