CVE-2020-11623
Last modified
CVE-2020-11623 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. An attacker with physical access to the UART interface could access additional diagnostic and configuration functionalities as well as the camera's bootloader. EPSS estimates a 0.44% chance of exploitation in the next 30 days.
Description
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. An attacker with physical access to the UART interface could access additional diagnostic and configuration functionalities as well as the camera's bootloader. Successful exploitation could compromise confidentiality, integrity, and availability of the affected system. It could even render the device inoperable.
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Avertx | Hd838 Firmware | All versions |
| Avertx | Hd438 Firmware | All versions |
References
- https://unit42.paloaltonetworks.com/avertx-ip-cameras-vulnerabilities/Exploit, Patch, Third Party Advisory
- https://unit42.paloaltonetworks.com/avertx-ip-cameras-vulnerabilities/Exploit, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-11623?
How severe is CVE-2020-11623?
How do I fix CVE-2020-11623?
Are you affected by CVE-2020-11623?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST