Vulnerabilities > CVE-2018-12258 - Unspecified vulnerability in Apollotechnologiesinc Momentum Axel 720P Firmware 5.1.8

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

apollotechnologiesinc

NVD

Published: 2018-06-12

Updated: 2019-10-03

Summary

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting.

Vulnerable Configurations

Part	Description	Count
OS	Apollotechnologiesinc Apollotechnologiesinc Momentum Axel 720P Firmware 5.1.8	1
Hardware	Apollotechnologiesinc Apollotechnologiesinc Momentum Axel 720P -	1

References

https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf