CVE-2018-12499

Published: Jul 2, 2018Modified: Nov 21, 2024

7.4

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.2 / Impact: 5.2

Source: NVD

Description

The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate.

Affected (1)

Products: Motorola: Mbp853 Firmware

1 product

Mbp853 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Motorola Mbp853 Firmware	All versions

Running on/with	Platform Versions
Motorola Mbp853	All versions

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (2)

https://blog.sean-wright.com/cve-2018-12499/

Source: cve@mitre.org

Third Party Advisory

https://blog.sean-wright.com/cve-2018-12499/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.