CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2018-4029
https://notcve.org/view.php?id=CVE-2018-4029
13 May 2019 — An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code execution. Se presenta una vulnerabilidad de ejecución de código explotable en la función de análisis de peticiones (request-parsing) de HTTP de NT9665X Chipset firmware ejecutado en Anker Roav A1 Dashcam, versión RoavA1SWV1.9. Un pa... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0701 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-4024
https://notcve.org/view.php?id=CVE-2018-4024
13 May 2019 — An exploitable denial-of-service vulnerability exists in the thumbnail display functionality of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a null pointer dereference, resulting in a device reboot. Se presenta una vulnerabilidad de Denegación de Servicio (DoS) explotable en la funcionalidad thumbnail display de NT9665X Chipset firmware ejecutado en Anker Roav A1 Dashcam, versión RoavA1SWV1.9. Un paquete especialmente manipula... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0696 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-4027
https://notcve.org/view.php?id=CVE-2018-4027
13 May 2019 — An exploitable denial-of-service vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a semaphore deadlock, which prevents the device from receiving any physical or network inputs. An attacker can send a specially crafted packet to trigger this vulnerability. Se presenta una vulnerabilidad de Denegación de Servicio (DoS) explotable en el comando Wi-Fi XML_UploadFile de NT9665... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0699 • CWE-662: Improper Synchronization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-4028
https://notcve.org/view.php?id=CVE-2018-4028
13 May 2019 — An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POST request to trigger this vulnerability. Se presenta una vulnerabilidad explotable de actualización de firmware, en NT9665X Chipset firmware ejecutado en Anker Roav A1 Dashcam, versión RoavA1SWV1.9. El servidor HTTP... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0700 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2018-4018
https://notcve.org/view.php?id=CVE-2018-4018
13 May 2019 — An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or upgrade firmware request to trigger this vulnerability. Se presenta una vulnerabilidad explotable de actualización de firmware en NT9665X Chipset firmware ejecutado en Anker Roav A1 Dashcam, versión RoavA1SWV1.9. El se... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0689 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-4025
https://notcve.org/view.php?id=CVE-2018-4025
13 May 2019 — An exploitable denial-of-service vulnerability exists in the XML_GetRawEncJpg Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an invalid memory dereference, resulting in a device reboot. Se presenta una vulnerabilidad explotable de Denegación de Servicio (DoS) en el comando Wi-Fi XML_GetRawEncJpg Wi-Fi de NT9665X Chipset firmware ejecutado en Anker Roav A1 Dashcam, versión RoavA1SWV1.9. Un paquete especialmente c... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0697 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-4026
https://notcve.org/view.php?id=CVE-2018-4026
13 May 2019 — An exploitable denial-of-service vulnerability exists in the XML_GetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot. Se presenta una vulnerabilidad explotable de Denegación de Servicio (DoS) en el comando Wi-Fi XML_GetScreen del de NT9665X Chipset firmware ejecutado en Anker Roav A1 Dashcam, versión RoavA1SWV1.9. Un conjunto de paquetes es... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0698 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2018-4023
https://notcve.org/view.php?id=CVE-2018-4023
13 May 2019 — An exploitable code execution vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. Se presenta una vulnerabilidad explotable de ejecución de código en el comando Wi-Fi XML_UploadFile de NT9665X Chipset firmware ejecutado en Anker Roav A1 Dashcam, versión RoavA1SWV1.9. Un paquete especialmente creado puede generar un ... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0695 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-4017
https://notcve.org/view.php?id=CVE-2018-4017
13 May 2019 — An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability. Se presenta una vulnerabilidad factible en la función Wi-Fi Access Point de Rocam A1 Dashcam ejecutado en versión RoavA1SWV1.9. Un conjunto de credenciales por defecto se pueden usar para conectarse al dispositivo. • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0688 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-4016
https://notcve.org/view.php?id=CVE-2018-4016
13 May 2019 — An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código factible en la funcionalidad de análisis de URL de Roav A1 Dashcam ejecutado en versión RoavA1SWV1.9. Un paquete especialmente creado puede generar un desbordamien... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0687 • CWE-787: Out-of-bounds Write •