Vulnerability identifier: #VU31892
Vulnerability risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-254
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
HD838
Hardware solutions /
Security hardware applicances
HD438IR
Hardware solutions /
Security hardware applicances
Vendor: AvertX
Description
This vulnerability allows a local attacker to bypass security rescritions feature.
The vulnerability exists due to a weak security in AvertX IP cameras. An attacker with physical access to the UART interface can access additional diagnostic and configuration functionalities as well as the camera's bootloader.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
HD838: All versions
HD438IR: All versions
External links
http://unit42.paloaltonetworks.com/avertx-ip-cameras-vulnerabilities/
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.