Neolex's blog

⯇ back

CVE-2018-20342 : UART root shell on Floureon IP Camera SP012

Category : iot hacking
1 min read
on Dec. 22, 2018, 6 p.m.

Here is an article about my first CVE : CVE-2018-20342

The vulnerability allows a root shell on the IP Camera Floureon SP012,

There is an UART Serial port accessible on the camera that lead to a root shell without password.

Here is a picture of the camera :

Here is an image of the UART Serial port with GND,RX and TX pins :

An attacker just have to connect to this pins with a baudrate of 115200 to get a root shell on the device.

This is my first CVE ever. I hope to find more in the future !