CVE-2018-4018
Last modified
CVE-2018-4018 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. EPSS estimates a 2.33% chance of exploitation in the next 30 days.
Description
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or upgrade firmware request to trigger this vulnerability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Anker-In | Roav Dashcam A1 Firmware | 1.9 |
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0689Exploit, Third Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0689Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-4018?
How severe is CVE-2018-4018?
How do I fix CVE-2018-4018?
Are you affected by CVE-2018-4018?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST