Neolex Security

CVE-2018-20342 : UART root shell on Floureon IP Camera SP012

Posted on: Dec. 22, 2018, 6 p.m.

Time to read: 1 min read

Here is an article about my first CVE : CVE-2018-20342

The vulnerability allows a root shell on the IP Camera Floureon SP012,

There is an UART Serial port accessible on the camera that lead to a root shell without password.

Here is a picture of the camera :

Here is an image of the UART Serial port with GND,RX and TX pins :

An attacker just have to connect to this pins with a baudrate of 115200 to get a root shell on the device.

This is my first CVE ever. I hope to find more in the future !