CVE-2018-12258 : An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upg

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting.

Published 2018-06-12 18:29:01

Updated 2019-10-03 00:03:26

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2018-12258

Apollotechnologiesinc » Momentum Axel 720p Firmware » Version: 5.1.8
cpe:2.3:o:apollotechnologiesinc:momentum_axel_720p_firmware:5.1.8:*:*:*:*:*:*:*
Matching versions
When used together with: Apollotechnologiesinc » Momentum Axel 720p » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2018-12258

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-12258

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
6.8	MEDIUM	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	0.9	5.9	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2018-12258

https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf

Exploit;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-12258

Products affected by CVE-2018-12258

Exploit prediction scoring system (EPSS) score for CVE-2018-12258

CVSS scores for CVE-2018-12258

References for CVE-2018-12258