Find a vulnerability
Search criteria
9 vulnerabilities by apollotechnologiesinc
VAR-201806-0711
Vulnerability from variot - Updated: 2024-11-23 22:48An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise. Momentum Axel 720P Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. There is a security vulnerability in the MomentumAxel720P5.1.8 release. The attacker can use the UARTpin code to exploit the vulnerability to gain root privileges, thus giving complete control of the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0711",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "momentum axel 720p",
"scope": "eq",
"trust": 2.2,
"vendor": "apollotechnologiesinc",
"version": "5.1.8"
},
{
"model": "momentum axel 720p",
"scope": "eq",
"trust": 0.8,
"vendor": "apollo tech usa",
"version": "5.1.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22747"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006341"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-716"
},
{
"db": "NVD",
"id": "CVE-2018-12259"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apollotechnologiesinc:momentum_axel_720p_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006341"
}
]
},
"cve": "CVE-2018-12259",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-12259",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-22747",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-122200",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2018-12259",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-12259",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-12259",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-22747",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-716",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-122200",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22747"
},
{
"db": "VULHUB",
"id": "VHN-122200"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006341"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-716"
},
{
"db": "NVD",
"id": "CVE-2018-12259"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise. Momentum Axel 720P Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. There is a security vulnerability in the MomentumAxel720P5.1.8 release. The attacker can use the UARTpin code to exploit the vulnerability to gain root privileges, thus giving complete control of the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12259"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006341"
},
{
"db": "CNVD",
"id": "CNVD-2018-22747"
},
{
"db": "VULHUB",
"id": "VHN-122200"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12259",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006341",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-716",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-22747",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-122200",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22747"
},
{
"db": "VULHUB",
"id": "VHN-122200"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006341"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-716"
},
{
"db": "NVD",
"id": "CVE-2018-12259"
}
]
},
"id": "VAR-201806-0711",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22747"
},
{
"db": "VULHUB",
"id": "VHN-122200"
}
],
"trust": 1.2833333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22747"
}
]
},
"last_update_date": "2024-11-23T22:48:42.428000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://momentumcam.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006341"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122200"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006341"
},
{
"db": "NVD",
"id": "CVE-2018-12259"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12259"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12259"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22747"
},
{
"db": "VULHUB",
"id": "VHN-122200"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006341"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-716"
},
{
"db": "NVD",
"id": "CVE-2018-12259"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-22747"
},
{
"db": "VULHUB",
"id": "VHN-122200"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006341"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-716"
},
{
"db": "NVD",
"id": "CVE-2018-12259"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-22747"
},
{
"date": "2018-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-122200"
},
{
"date": "2018-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006341"
},
{
"date": "2018-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-716"
},
{
"date": "2018-06-12T18:29:00.630000",
"db": "NVD",
"id": "CVE-2018-12259"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-22747"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-122200"
},
{
"date": "2018-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006341"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-716"
},
{
"date": "2024-11-21T03:44:52.630000",
"db": "NVD",
"id": "CVE-2018-12259"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-716"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Momentum Axel 720P Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006341"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-716"
}
],
"trust": 0.6
}
}
VAR-201806-0713
Vulnerability from variot - Updated: 2024-11-23 22:45An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. A buffer overflow vulnerability exists in MomentumAxel720P version 5.1.8. An attacker could exploit this vulnerability to gain access to a user's account
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0713",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "momentum axel 720p",
"scope": "eq",
"trust": 1.6,
"vendor": "apollotechnologiesinc",
"version": "5.1.8"
},
{
"model": "momentum axel 720p",
"scope": "eq",
"trust": 0.8,
"vendor": "apollo tech usa",
"version": "5.1.8"
},
{
"model": "axel 720p",
"scope": "eq",
"trust": 0.6,
"vendor": "momentum",
"version": "5.1.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14342"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006343"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-714"
},
{
"db": "NVD",
"id": "CVE-2018-12261"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apollotechnologiesinc:momentum_axel_720p_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006343"
}
]
},
"cve": "CVE-2018-12261",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-12261",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-14342",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-122203",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.8,
"id": "CVE-2018-12261",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-12261",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-12261",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-14342",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-714",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-122203",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2018-12261",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14342"
},
{
"db": "VULHUB",
"id": "VHN-122203"
},
{
"db": "VULMON",
"id": "CVE-2018-12261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006343"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-714"
},
{
"db": "NVD",
"id": "CVE-2018-12261"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. A buffer overflow vulnerability exists in MomentumAxel720P version 5.1.8. An attacker could exploit this vulnerability to gain access to a user\u0027s account",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006343"
},
{
"db": "CNVD",
"id": "CNVD-2018-14342"
},
{
"db": "VULHUB",
"id": "VHN-122203"
},
{
"db": "VULMON",
"id": "CVE-2018-12261"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12261",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006343",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-714",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-14342",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-122203",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-12261",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14342"
},
{
"db": "VULHUB",
"id": "VHN-122203"
},
{
"db": "VULMON",
"id": "CVE-2018-12261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006343"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-714"
},
{
"db": "NVD",
"id": "CVE-2018-12261"
}
]
},
"id": "VAR-201806-0713",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14342"
},
{
"db": "VULHUB",
"id": "VHN-122203"
}
],
"trust": 1.36666665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14342"
}
]
},
"last_update_date": "2024-11-23T22:45:18.192000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://momentumcam.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006343"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
},
{
"problemtype": "CWE-275",
"trust": 0.9
},
{
"problemtype": "CWE-732",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122203"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006343"
},
{
"db": "NVD",
"id": "CVE-2018-12261"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12261"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12261"
},
{
"trust": 0.6,
"url": "https://momentumcam.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/269.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144761"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14342"
},
{
"db": "VULHUB",
"id": "VHN-122203"
},
{
"db": "VULMON",
"id": "CVE-2018-12261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006343"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-714"
},
{
"db": "NVD",
"id": "CVE-2018-12261"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-14342"
},
{
"db": "VULHUB",
"id": "VHN-122203"
},
{
"db": "VULMON",
"id": "CVE-2018-12261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006343"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-714"
},
{
"db": "NVD",
"id": "CVE-2018-12261"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-14342"
},
{
"date": "2018-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-122203"
},
{
"date": "2018-06-12T00:00:00",
"db": "VULMON",
"id": "CVE-2018-12261"
},
{
"date": "2018-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006343"
},
{
"date": "2018-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-714"
},
{
"date": "2018-06-12T18:29:00.727000",
"db": "NVD",
"id": "CVE-2018-12261"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-14342"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-122203"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2018-12261"
},
{
"date": "2018-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006343"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-714"
},
{
"date": "2024-11-21T03:44:52.913000",
"db": "NVD",
"id": "CVE-2018-12261"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-714"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Momentum Axel 720P Permissions vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006343"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-714"
}
],
"trust": 0.6
}
}
VAR-201806-0710
Vulnerability from variot - Updated: 2024-11-23 22:38An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting. Momentum Axel 720P Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. There is a security vulnerability in the MomentumAxel720P5.1.8 release
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0710",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "momentum axel 720p",
"scope": "eq",
"trust": 2.2,
"vendor": "apollotechnologiesinc",
"version": "5.1.8"
},
{
"model": "momentum axel 720p",
"scope": "eq",
"trust": 0.8,
"vendor": "apollo tech usa",
"version": "5.1.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22562"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006340"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-717"
},
{
"db": "NVD",
"id": "CVE-2018-12258"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apollotechnologiesinc:momentum_axel_720p_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006340"
}
]
},
"cve": "CVE-2018-12258",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-12258",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-22562",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-122199",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2018-12258",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-12258",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-12258",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-22562",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-717",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-122199",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22562"
},
{
"db": "VULHUB",
"id": "VHN-122199"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006340"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-717"
},
{
"db": "NVD",
"id": "CVE-2018-12258"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name \u0027ezviz.dav\u0027 and rebooting. Momentum Axel 720P Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. There is a security vulnerability in the MomentumAxel720P5.1.8 release",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12258"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006340"
},
{
"db": "CNVD",
"id": "CNVD-2018-22562"
},
{
"db": "VULHUB",
"id": "VHN-122199"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12258",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006340",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-717",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-22562",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-122199",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22562"
},
{
"db": "VULHUB",
"id": "VHN-122199"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006340"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-717"
},
{
"db": "NVD",
"id": "CVE-2018-12258"
}
]
},
"id": "VAR-201806-0710",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22562"
},
{
"db": "VULHUB",
"id": "VHN-122199"
}
],
"trust": 1.2833333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22562"
}
]
},
"last_update_date": "2024-11-23T22:38:08.097000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://momentumcam.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006340"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122199"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006340"
},
{
"db": "NVD",
"id": "CVE-2018-12258"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12258"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12258"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22562"
},
{
"db": "VULHUB",
"id": "VHN-122199"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006340"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-717"
},
{
"db": "NVD",
"id": "CVE-2018-12258"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-22562"
},
{
"db": "VULHUB",
"id": "VHN-122199"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006340"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-717"
},
{
"db": "NVD",
"id": "CVE-2018-12258"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-22562"
},
{
"date": "2018-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-122199"
},
{
"date": "2018-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006340"
},
{
"date": "2018-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-717"
},
{
"date": "2018-06-12T18:29:00.583000",
"db": "NVD",
"id": "CVE-2018-12258"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-22562"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-122199"
},
{
"date": "2018-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006340"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-717"
},
{
"date": "2024-11-21T03:44:52.493000",
"db": "NVD",
"id": "CVE-2018-12258"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-717"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Momentum Axel 720P Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006340"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-717"
}
],
"trust": 0.6
}
}
VAR-201806-0731
Vulnerability from variot - Updated: 2024-11-23 22:38An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console. Momentum Axel 720P The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. An attacker with a physical location nearby can use this vulnerability to log in to the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0731",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "momentum axel 720p",
"scope": "eq",
"trust": 1.6,
"vendor": "apollotechnologiesinc",
"version": "5.1.8"
},
{
"model": "momentum axel 720p",
"scope": "eq",
"trust": 1.0,
"vendor": "apollotechnologiesinc",
"version": "*"
},
{
"model": "momentum axel 720p",
"scope": null,
"trust": 0.8,
"vendor": "apollo tech usa",
"version": null
},
{
"model": "momentum axel 720p",
"scope": "eq",
"trust": 0.8,
"vendor": "apollo tech usa",
"version": "5.1.8"
},
{
"model": "axel 720p momentum axel 720p",
"scope": "eq",
"trust": 0.6,
"vendor": "momentum",
"version": "5.1.3"
},
{
"model": "axel 720p momentum axel 720p",
"scope": "eq",
"trust": 0.6,
"vendor": "momentum",
"version": "0"
},
{
"model": "momentum axel 720p",
"scope": null,
"trust": 0.6,
"vendor": "apollotechnologiesinc",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24154"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006650"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-841"
},
{
"db": "NVD",
"id": "CVE-2018-12323"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:apollotechnologiesinc:momentum_axel_720p",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apollotechnologiesinc:momentum_axel_720p_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006650"
}
]
},
"cve": "CVE-2018-12323",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-12323",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-24154",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-122271",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2018-12323",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-12323",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-12323",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-24154",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-841",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-122271",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24154"
},
{
"db": "VULHUB",
"id": "VHN-122271"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006650"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-841"
},
{
"db": "NVD",
"id": "CVE-2018-12323"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console. Momentum Axel 720P The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. An attacker with a physical location nearby can use this vulnerability to log in to the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12323"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006650"
},
{
"db": "CNVD",
"id": "CNVD-2018-24154"
},
{
"db": "VULHUB",
"id": "VHN-122271"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12323",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006650",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-841",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-24154",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-122271",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24154"
},
{
"db": "VULHUB",
"id": "VHN-122271"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006650"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-841"
},
{
"db": "NVD",
"id": "CVE-2018-12323"
}
]
},
"id": "VAR-201806-0731",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24154"
},
{
"db": "VULHUB",
"id": "VHN-122271"
}
],
"trust": 1.49166665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24154"
}
]
},
"last_update_date": "2024-11-23T22:38:08.068000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://momentumcam.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006650"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122271"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006650"
},
{
"db": "NVD",
"id": "CVE-2018-12323"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12323"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12323"
},
{
"trust": 0.6,
"url": "https://momentumcam.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24154"
},
{
"db": "VULHUB",
"id": "VHN-122271"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006650"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-841"
},
{
"db": "NVD",
"id": "CVE-2018-12323"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-24154"
},
{
"db": "VULHUB",
"id": "VHN-122271"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006650"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-841"
},
{
"db": "NVD",
"id": "CVE-2018-12323"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-24154"
},
{
"date": "2018-06-13T00:00:00",
"db": "VULHUB",
"id": "VHN-122271"
},
{
"date": "2018-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006650"
},
{
"date": "2018-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-841"
},
{
"date": "2018-06-13T16:29:01.673000",
"db": "NVD",
"id": "CVE-2018-12323"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-24154"
},
{
"date": "2018-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-122271"
},
{
"date": "2018-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006650"
},
{
"date": "2018-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-841"
},
{
"date": "2024-11-21T03:44:59.653000",
"db": "NVD",
"id": "CVE-2018-12323"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-841"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Momentum Axel 720P Vulnerabilities related to the use of hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006650"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-841"
}
],
"trust": 0.6
}
}
VAR-201804-0744
Vulnerability from variot - Updated: 2024-11-23 22:34Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream. Momentum Axel 720P The device contains a vulnerability related to the use of hard-coded credentials.Information may be obtained. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. A security vulnerability exists in the MomentumAxel720P version 5.1.8, which is derived from the hard-coded password used by the appagent account: streaming. A remote attacker can exploit this vulnerability to view video streams
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0744",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "axel 720p",
"scope": "eq",
"trust": 2.2,
"vendor": "momentum",
"version": "5.1.8"
},
{
"model": "momentum axel 720p",
"scope": "eq",
"trust": 0.8,
"vendor": "apollo tech usa",
"version": "5.1.8"
},
{
"model": "momentum axel 720p",
"scope": "eq",
"trust": 0.6,
"vendor": "apollotechnologiesinc",
"version": "5.1.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08576"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004534"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1405"
},
{
"db": "NVD",
"id": "CVE-2018-10328"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apollotechnologiesinc:momentum_axel_720p_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004534"
}
]
},
"cve": "CVE-2018-10328",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2018-10328",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-08576",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-120076",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-10328",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-10328",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-10328",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-08576",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-1405",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-120076",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08576"
},
{
"db": "VULHUB",
"id": "VHN-120076"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004534"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1405"
},
{
"db": "NVD",
"id": "CVE-2018-10328"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream. Momentum Axel 720P The device contains a vulnerability related to the use of hard-coded credentials.Information may be obtained. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. A security vulnerability exists in the MomentumAxel720P version 5.1.8, which is derived from the hard-coded password used by the appagent account: streaming. A remote attacker can exploit this vulnerability to view video streams",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10328"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004534"
},
{
"db": "CNVD",
"id": "CNVD-2018-08576"
},
{
"db": "VULHUB",
"id": "VHN-120076"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10328",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004534",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1405",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-08576",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-120076",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08576"
},
{
"db": "VULHUB",
"id": "VHN-120076"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004534"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1405"
},
{
"db": "NVD",
"id": "CVE-2018-10328"
}
]
},
"id": "VAR-201804-0744",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08576"
},
{
"db": "VULHUB",
"id": "VHN-120076"
}
],
"trust": 1.36666665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08576"
}
]
},
"last_update_date": "2024-11-23T22:34:18.113000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://momentumcam.com"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004534"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120076"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004534"
},
{
"db": "NVD",
"id": "CVE-2018-10328"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10328"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10328"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08576"
},
{
"db": "VULHUB",
"id": "VHN-120076"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004534"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1405"
},
{
"db": "NVD",
"id": "CVE-2018-10328"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-08576"
},
{
"db": "VULHUB",
"id": "VHN-120076"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004534"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1405"
},
{
"db": "NVD",
"id": "CVE-2018-10328"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08576"
},
{
"date": "2018-04-24T00:00:00",
"db": "VULHUB",
"id": "VHN-120076"
},
{
"date": "2018-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004534"
},
{
"date": "2018-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-1405"
},
{
"date": "2018-04-24T06:29:00.630000",
"db": "NVD",
"id": "CVE-2018-10328"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08576"
},
{
"date": "2018-08-30T00:00:00",
"db": "VULHUB",
"id": "VHN-120076"
},
{
"date": "2018-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004534"
},
{
"date": "2018-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-1405"
},
{
"date": "2024-11-21T03:41:13.910000",
"db": "NVD",
"id": "CVE-2018-10328"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-1405"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Momentum Axel 720P Vulnerabilities related to the use of hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004534"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-1405"
}
],
"trust": 0.6
}
}
VAR-201806-0712
Vulnerability from variot - Updated: 2024-11-23 22:34An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices. Momentum Axel 720P Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. There is a security vulnerability in the MomentumAxel720P5.1.8 release
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0712",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "momentum axel 720p",
"scope": "eq",
"trust": 2.2,
"vendor": "apollotechnologiesinc",
"version": "5.1.8"
},
{
"model": "momentum axel 720p",
"scope": "eq",
"trust": 0.8,
"vendor": "apollo tech usa",
"version": "5.1.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22560"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006342"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-715"
},
{
"db": "NVD",
"id": "CVE-2018-12260"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apollotechnologiesinc:momentum_axel_720p_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006342"
}
]
},
"cve": "CVE-2018-12260",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2018-12260",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-22560",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-122202",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2018-12260",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-12260",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-12260",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-22560",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-715",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-122202",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22560"
},
{
"db": "VULHUB",
"id": "VHN-122202"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006342"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-715"
},
{
"db": "NVD",
"id": "CVE-2018-12260"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command \u0027showKey\u0027 from the root CLI. This password may be the same on all devices. Momentum Axel 720P Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. There is a security vulnerability in the MomentumAxel720P5.1.8 release",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006342"
},
{
"db": "CNVD",
"id": "CNVD-2018-22560"
},
{
"db": "VULHUB",
"id": "VHN-122202"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12260",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006342",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-715",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-22560",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-122202",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22560"
},
{
"db": "VULHUB",
"id": "VHN-122202"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006342"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-715"
},
{
"db": "NVD",
"id": "CVE-2018-12260"
}
]
},
"id": "VAR-201806-0712",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22560"
},
{
"db": "VULHUB",
"id": "VHN-122202"
}
],
"trust": 1.2833333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22560"
}
]
},
"last_update_date": "2024-11-23T22:34:15.747000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://momentumcam.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006342"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122202"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006342"
},
{
"db": "NVD",
"id": "CVE-2018-12260"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12260"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12260"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22560"
},
{
"db": "VULHUB",
"id": "VHN-122202"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006342"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-715"
},
{
"db": "NVD",
"id": "CVE-2018-12260"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-22560"
},
{
"db": "VULHUB",
"id": "VHN-122202"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006342"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-715"
},
{
"db": "NVD",
"id": "CVE-2018-12260"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-22560"
},
{
"date": "2018-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-122202"
},
{
"date": "2018-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006342"
},
{
"date": "2018-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-715"
},
{
"date": "2018-06-12T18:29:00.677000",
"db": "NVD",
"id": "CVE-2018-12260"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-22560"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-122202"
},
{
"date": "2018-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006342"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-715"
},
{
"date": "2024-11-21T03:44:52.770000",
"db": "NVD",
"id": "CVE-2018-12260"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-715"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Momentum Axel 720P Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006342"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-715"
}
],
"trust": 0.6
}
}
VAR-201806-0709
Vulnerability from variot - Updated: 2024-11-23 22:30An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation by changing the nameservers in /etc/resolv.conf to the attacker's server, and serving the expected HTTPS response containing new firmware for the device to download. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. A security vulnerability exists in the MomentumAxel720P version 5.1.8, which is due to a lack of verification of SSL by the program
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0709",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "momentum axel 720p",
"scope": "eq",
"trust": 2.2,
"vendor": "apollotechnologiesinc",
"version": "5.1.8"
},
{
"model": "momentum axel 720p",
"scope": "eq",
"trust": 0.8,
"vendor": "apollo tech usa",
"version": "5.1.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22563"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006339"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-718"
},
{
"db": "NVD",
"id": "CVE-2018-12257"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apollotechnologiesinc:momentum_axel_720p_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006339"
}
]
},
"cve": "CVE-2018-12257",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-12257",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-22563",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-122198",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.8,
"id": "CVE-2018-12257",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-12257",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-12257",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-22563",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-718",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-122198",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22563"
},
{
"db": "VULHUB",
"id": "VHN-122198"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006339"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-718"
},
{
"db": "NVD",
"id": "CVE-2018-12257"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation by changing the nameservers in /etc/resolv.conf to the attacker\u0027s server, and serving the expected HTTPS response containing new firmware for the device to download. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. A security vulnerability exists in the MomentumAxel720P version 5.1.8, which is due to a lack of verification of SSL by the program",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12257"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006339"
},
{
"db": "CNVD",
"id": "CNVD-2018-22563"
},
{
"db": "VULHUB",
"id": "VHN-122198"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12257",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006339",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-718",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-22563",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-122198",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22563"
},
{
"db": "VULHUB",
"id": "VHN-122198"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006339"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-718"
},
{
"db": "NVD",
"id": "CVE-2018-12257"
}
]
},
"id": "VAR-201806-0709",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22563"
},
{
"db": "VULHUB",
"id": "VHN-122198"
}
],
"trust": 1.2833333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22563"
}
]
},
"last_update_date": "2024-11-23T22:30:22.128000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://momentumcam.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006339"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122198"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006339"
},
{
"db": "NVD",
"id": "CVE-2018-12257"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12257"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12257"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-22563"
},
{
"db": "VULHUB",
"id": "VHN-122198"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006339"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-718"
},
{
"db": "NVD",
"id": "CVE-2018-12257"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-22563"
},
{
"db": "VULHUB",
"id": "VHN-122198"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006339"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-718"
},
{
"db": "NVD",
"id": "CVE-2018-12257"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-22563"
},
{
"date": "2018-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-122198"
},
{
"date": "2018-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006339"
},
{
"date": "2018-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-718"
},
{
"date": "2018-06-12T18:29:00.537000",
"db": "NVD",
"id": "CVE-2018-12257"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-22563"
},
{
"date": "2018-08-02T00:00:00",
"db": "VULHUB",
"id": "VHN-122198"
},
{
"date": "2018-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006339"
},
{
"date": "2018-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-718"
},
{
"date": "2024-11-21T03:44:52.353000",
"db": "NVD",
"id": "CVE-2018-12257"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-718"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Momentum Axel 720P Vulnerabilities related to certificate validation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006339"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-718"
}
],
"trust": 0.6
}
}
CVE-2018-12323 (GCVE-0-2018-12323)
Vulnerability from nvd – Published: 2018-06-13 16:00 – Updated: 2024-09-17 04:15- n/a
| URL | Tags |
|---|---|
| https://rchase.com/downloads/momentum-iot-penetra… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-13T16:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf",
"refsource": "MISC",
"url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12323",
"datePublished": "2018-06-13T16:00:00.000Z",
"dateReserved": "2018-06-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:15:00.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12323 (GCVE-0-2018-12323)
Vulnerability from cvelistv5 – Published: 2018-06-13 16:00 – Updated: 2024-09-17 04:15- n/a
| URL | Tags |
|---|---|
| https://rchase.com/downloads/momentum-iot-penetra… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-13T16:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf",
"refsource": "MISC",
"url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12323",
"datePublished": "2018-06-13T16:00:00.000Z",
"dateReserved": "2018-06-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:15:00.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}