Vulnerabilities > CVE-2018-4026 - Improper Check for Unusual or Exceptional Conditions vulnerability in Anker-In Roav Dashcam A1 Firmware 1.9

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
anker-in
CWE-754

Summary

An exploitable denial-of-service vulnerability exists in the XML_GetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot.

Vulnerable Configurations

Part Description Count
OS
Anker-In
1
Hardware
Anker-In
1

Talos

idTALOS-2018-0698
last seen2019-05-29
published2019-05-13
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0698
titleNovatek NT9665X XML_GetScreen Strncmp denial-of-service vulnerability