Blog Neolex

French Bug bounty hunter

< back

CVE-2018-20342 : UART root shell on Floureon IP Camera SP012

Category : iot hacking

Time to read: 1 min read

Posted on Dec. 22, 2018, 6 p.m.

Here is an article about my first CVE : CVE-2018-20342

The vulnerability allows a root shell on the IP Camera Floureon SP012,

There is an UART Serial port accessible on the camera that lead to a root shell without password.

Here is a picture of the camera :

Here is an image of the UART Serial port with GND,RX and TX pins :

An attacker just have to connect to this pins with a baudrate of 115200 to get a root shell on the device.

This is my first CVE ever. I hope to find more in the future !