CVE-2018-4027
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable denial-of-service vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a semaphore deadlock, which prevents the device from receiving any physical or network inputs. An attacker can send a specially crafted packet to trigger this vulnerability.
Se presenta una vulnerabilidad de Denegación de Servicio (DoS) explotable en el comando Wi-Fi XML_UploadFile de NT9665X Chipset firmware ejecutado en Anker Roav A1 Dashcam, versión RoavA1SWV1.9. Un paquete especialmente manipulado puede provocar un interbloqueo de semáforo, lo que evita que el dispositivo reciba entradas físicas o de red. Un atacante puede enviar un paquete especialmente creado para activar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-02 CVE Reserved
- 2019-05-13 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-662: Improper Synchronization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2018-0699 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Anker-in Search vendor "Anker-in" | Roav Dashcam A1 Firmware Search vendor "Anker-in" for product "Roav Dashcam A1 Firmware" | 1.9 Search vendor "Anker-in" for product "Roav Dashcam A1 Firmware" and version "1.9" | - |
Affected
| in | Anker-in Search vendor "Anker-in" | Roav Dashcam A1 Search vendor "Anker-in" for product "Roav Dashcam A1" | - | - |
Safe
|