Vulnerabilities > CVE-2018-12258 - Unspecified vulnerability in Apollotechnologiesinc Momentum Axel 720P Firmware 5.1.8

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

apollotechnologiesinc

NVD

Published: 2018-06-12

Updated: 2019-10-03

Summary

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting.

Vulnerable Configurations

Part	Description	Count
OS	Apollotechnologiesinc Apollotechnologiesinc Momentum Axel 720P Firmware 5.1.8	1
Hardware	Apollotechnologiesinc Apollotechnologiesinc Momentum Axel 720P -	1

References

https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf