Overview
- Description
- An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 5.9
- Exploitability score
- 0.9
- Vector string
- CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apollotechnologiesinc:momentum_axel_720p_firmware:5.1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0E6C0B73-09F5-4564-95B1-8D6EE44510B6"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apollotechnologiesinc:momentum_axel_720p:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BE5DCE62-31E9-4C78-A4E4-88000392C7A2"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]