9 matches found
Vulnerability Spotlight: Multiple vulnerabilities in the Roav A1 Dashcam
Lilith Wyatt of Cisco Talos discovered these vulnerabilities. Executive Summary: Cisco Talos is disclosing multiple vulnerabilities in the Anker Roav A1 Dashcam and the Novatek NT9665X chipset. The Roav A1 Dashcam by Anker is a dashboard camera that allows users to connect using the Roav app for...
Novatek NT9665X XML_GetThumbNail denial-of-service vulnerability
Summary: An exploitable denial-of-service vulnerability exists in the thumbnail display functionality of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9”. A specially crafted packet can cause a null pointer dereference, resulting in a device reboot. Tested...
Novatek NT9665X HFS Overwrite denial-of-service vulnerability
Summary: An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send a...
Novatek NT9665X HFS Recv buffer overflow code execution vulnerability
Summary: An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code executio...
Novatek NT9665X XML_UploadFile path overflow code execution vulnerability
Summary: An exploitable code execution vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9”. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. Tested...
Novatek NT9665X XML_GetScreen Strncmp denial-of-service vulnerability
Summary: An exploitable denial-of-service vulnerability exists in the XML_GetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot...
Team Ghostshell Allegedly Spills 2.5 M Russian Records
As part of what it’s calling “Project Blackstar,” the hacking collective Team Ghostshell posted online earlier this morning approximately 2.5 million records it claims belong to Russian individuals who work across the political, educational and law enforcement spectrum. With the project, detailed...
Novatek SQL Injection
Novatek sezioni.php SQL Injection Vulnerability ...
Novatek (sezioni.php) SQL Injection Vulnerability
Exploit for php platform in category web applications. Novatek sezioni.php SQL Injection Vulnerability ...