Multiple vulnerabilities in AvertX HD838 and HD438IR cameras
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2020-11623 CVE-2020-11624 CVE-2020-11625 |
| CWE-ID | CWE-254 CWE-521 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
HD838 Hardware solutions / Security hardware applicances HD438IR Hardware solutions / Security hardware applicances |
| Vendor | AvertX |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Security Features
EUVDB-ID: #VU31892
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-11623
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThis vulnerability allows a local attacker to bypass security rescritions feature.
The vulnerability exists due to a weak security in AvertX IP cameras. An attacker with physical access to the UART interface can access additional diagnostic and configuration functionalities as well as the camera's bootloader.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHD838: before 5.5.97_200220
HD438IR: before 5.6.0_200307
External linkshttp://unit42.paloaltonetworks.com/avertx-ip-cameras-vulnerabilities/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Weak password requirements
EUVDB-ID: #VU31893
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-11624
CWE-ID:
CWE-521 - Weak Password Requirements
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform brute-force attack and guess the password.
The vulnerability exists due to the affected cameras do not require users to change the default password for the admin account. A remote authenticated attacker can perform a brute-force attack and disclose the default username within the login.js script.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHD838: before 5.5.97_200220
HD438IR: before 5.6.0_200307
External linkshttp://unit42.paloaltonetworks.com/avertx-ip-cameras-vulnerabilities/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU31894
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-11625
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to failed web UI login attempts that elicit different responses depending on whether a user account exists. A remote attacker can enumerate legitimate usernames.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHD838: before 5.5.97_200220
HD438IR: before 5.6.0_200307
External linkshttp://unit42.paloaltonetworks.com/avertx-ip-cameras-vulnerabilities/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
