Vulnerabilities > CVE-2018-4018 - Unspecified vulnerability in Anker-In Roav Dashcam A1 Firmware 1.9

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

anker-in

critical

NVD

Published: 2019-05-13

Updated: 2022-06-07

Summary

An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or upgrade firmware request to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Anker-In Anker IN Roav Dashcam A1 Firmware 1.9	1
Hardware	Anker-In Anker IN Roav Dashcam A1 -	1

Talos

id	TALOS-2018-0689
last seen	2019-05-29
published	2019-05-13
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0689
title	Novatek NT9665X HTTP Upload Firmware Update Vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0689