French Bug bounty hunter
Category : iot hacking
Time to read: 1 min read
Posted on Dec. 22, 2018, 6 p.m.
Here is an article about my first CVE : CVE-2018-20342
The vulnerability allows a root shell on the IP Camera Floureon SP012,
There is an UART Serial port accessible on the camera that lead to a root shell without password.
Here is a picture of the camera :
Here is an image of the UART Serial port with GND,RX and TX pins :
An attacker just have to connect to this pins with a baudrate of 115200 to get a root shell on the device.
This is my first CVE ever. I hope to find more in the future !