#VU31892 Security Features in HD838 and HD438IR


Published: 2020-07-27

Vulnerability identifier: #VU31892

Vulnerability risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11623

CWE-ID: CWE-254

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
HD838
Hardware solutions / Security hardware appliances
HD438IR
Hardware solutions / Security hardware appliances

Vendor: AvertX

Description

This vulnerability allows a local attacker to bypass security restrictions.

The vulnerability exists due to weak security in AvertX IP cameras. An attacker with physical access to the UART interface can access additional diagnostic and configuration functionality as well as the camera's bootloader.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

HD838: All versions

HD438IR: All versions


External links
http://unit42.paloaltonetworks.com/avertx-ip-cameras-vulnerabilities/


Q & A

Can this vulnerability be exploited remotely?

No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

