Lucene search
+L

40 matches found

NVD
NVD
added 2018/06/12 6:29 p.m.20 views

CVE-2018-12259

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise...

7.2CVSS6.6AI score0.0043EPSS
Exploits1References1
Prion
Prion
added 2018/06/12 6:29 p.m.14 views

Default credentials

An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices...

2.1CVSS6.7AI score0.00376EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/06/12 6:29 p.m.6 views

CVE-2018-12261

An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root...

4.4CVSS5.8AI score0.00329EPSS
Exploits1References1
NVD
NVD
added 2018/06/12 6:29 p.m.14 views

CVE-2018-12257

An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation by changing the nameservers in...

4.4CVSS4.7AI score0.0035EPSS
Exploits1References1
NVD
NVD
added 2018/06/12 6:29 p.m.18 views

CVE-2018-12261

An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root...

4.4CVSS4.8AI score0.00329EPSS
Exploits1References1
Prion
Prion
added 2018/06/12 6:29 p.m.16 views

Code injection

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise...

7.2CVSS6.6AI score0.0043EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/06/12 6:0 p.m.43 views

CVE-2018-12258

The CVE-2018-12258 entry describes a firmware upgrade vulnerability on Momentum Axel 720P 5.1.8 devices. The affected component is the device firmware handling SD-card-based upgrades. The root cause is that an SD card containing a firmware file named ezviz.dav can be used, with physical access, t...

7.2CVSS6.5AI score0.00454EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/06/12 6:0 p.m.38 views

CVE-2018-12260

The CVE-2018-12260 issue affects Momentum Axel 720P devices running 5.1.8. A root password can be obtained in plaintext via the root CLI command showKey, meaning the same password may apply across devices. This is an information disclosure vulnerability tied to the root credential, with no docume...

6.7CVSS6.8AI score0.00376EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/06/12 6:0 p.m.42 views

CVE-2018-12259

The CVE-2018-12259 issue affects Momentum Axel 720P devices running version 5.1.8. The root cause is unrestricted access to the system via UART pins, enabling an attacker with physical access to obtain root and fully compromise the device. Documents consistently describe root access through UART ...

7.2CVSS6.6AI score0.0043EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/06/12 6:0 p.m.41 views

CVE-2018-12261

The connected CNVD entry for CVE-2018-12261 describes a buffer overflow vulnerability in Momentum Axel 720P 5.1.8, with the impact stated as an attacker being able to gain access to user accounts. The documents do not specify the vulnerable component or exact exploit details, nor provide a remedi...

4.4CVSS4.8AI score0.00329EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/06/12 6:0 p.m.21 views

CVE-2018-12257

An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation by changing the nameservers in...

4.7AI score0.0035EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/06/12 6:0 p.m.22 views

CVE-2018-12259

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise...

6.6AI score0.0043EPSS
Exploits1References1
CVE
CVE
added 2018/06/12 6:0 p.m.44 views

CVE-2018-12257

CVE-2018-12257 affects Momentum Axel 720P 5.1.8. An authenticated root user with CLI access can remotely upgrade firmware to a custom image by exploiting DNS hijacking and the device’s lack of SSL validation: changing /etc/resolv.conf to point to the attacker’s server, then serving the expected H...

4.4CVSS4.7AI score0.0035EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/06/12 6:0 p.m.17 views

CVE-2018-12258

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting...

6.5AI score0.00454EPSS
Exploits1References1
NVD
NVD
added 2018/04/24 6:29 a.m.15 views

CVE-2018-10328

Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream...

7.4CVSS7.6AI score0.00565EPSS
Exploits0References1
OSV
OSV
added 2018/04/24 6:29 a.m.3 views

CVE-2018-10328

Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream...

7.4CVSS5.8AI score0.00565EPSS
Exploits0References1
Prion
Prion
added 2018/04/24 6:29 a.m.24 views

Hardcoded credentials

Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream...

3.3CVSS7.6AI score0.00565EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/04/24 6:0 a.m.20 views

CVE-2018-10328

Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream...

7.6AI score0.00565EPSS
Exploits0References1
CVE
CVE
added 2018/04/24 6:0 a.m.41 views

CVE-2018-10328

CVE-2018-10328 affects Momentum Axel 720P devices running version 5.1.8. The issue is a hardcoded password for the appagent account, allowing remote attackers to view the RTSP video stream. Documented CVSS: CVSS v3.0 base score 7.4 (HIGH), with ADJACENT network access, no user interaction, and co...

7.4CVSS7.5AI score0.00565EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/04/24 12:0 a.m.5 views

Momentum Axel 720P Information Disclosure Vulnerability

The Momentum Axel 720P is a dual-band HD camera that supports WiFi connectivity. A security vulnerability exists in the Momentum Axel 720P version 5.1.8, which stems from the appagent account using the hardcoded password: streaming.A remote attacker can exploit this vulnerability to view the vide...

7.4CVSS6.9AI score0.00565EPSS
Exploits0References1
Rows per page
Query Builder