#VU31892 Security Features in HD838 and HD438IR - CVE-2020-11623
Published: July 27, 2020
Vulnerability identifier: #VU31892
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-11623
CWE-ID: CWE-254
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
HD838
HD438IR
HD838
HD438IR
Software vendor:
AvertX
AvertX
Description
This vulnerability allows a local attacker to bypass security rescritions feature.
The vulnerability exists due to a weak security in AvertX IP cameras. An attacker with physical access to the UART interface can access additional diagnostic and configuration functionalities as well as the camera's bootloader.
Remediation
Install updates from vendor's website.