CVE-2018-12257

Published: 12/06/2018 Updated: 02/08/2018
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 4.4 | Impact Score: 3.6 | Exploitability Score: 0.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation by changing the nameservers in /etc/resolv.conf to the attacker's server, and serving the expected HTTPS response containing new firmware for the device to download.

Vulnerable Product

apollotechnologiesinc momentum_axel_720p_firmware 5.1.8

Github Repositories

A PoC for upgrading firmware via DNS hijacking on a Momentum IP camera

CVE-2018-12257: IoT-Hacking-DNS-Hijacking-Firmware-Upgrade-PoC. It is possible to upgrade the firmware on a Momentum IP camera by changing /etc/resolv.conf to the attacker's DNS server, then hosting this https-server.py page with firmware upgrade instructions. For more information see rchasecom/do