CVE-2018-4018 Novatek NT9665X HTTP Upload Firmware Update Vulnerability

Tobi@s

Well-Known Member
App Developer
Joined
Nov 12, 2013
Messages
1,380
Reaction score
846
Location
Remote
Country
Germany
Dash Cam
none
I just stumbled across something interesting regarding novatek firmware hacking: There's a publicly acknowledged security vulerability (CVE) in Novatek firmwares.

CVE-2018-4018

Actually someone (Lilith from Cisco Talos) discovered a vulnerability in wifi enabled novatek dashcams.
You can read more details here:https://talosintelligence.com/vulnerability_reports/TALOS-2018-0689

Funny thing why I've found it is because it even mentions me and the checksum cracking (via ntkcalc and packing via bfc4ntk)

It's listed at MITRE and NIST:

According to their timeline, Novatek needs to know about the firmware hacking by now :LOL:
2019-01-22 - TWNCERT contacted Novatek and advised Novatek will check emails for reports
2019-03-06 - 90+ day follow up - Talos asks TWNCERT for direct point of contact for Novatek
2019-03-27 - Talos sends follow up to TWNCERT
2019-04-02 - Talos sends copies of email correspondence and reports to TWNCERT
2019-04-18 - Suggested pubic disclosure date of 2019-05-13 (171 days after initial disclosure)
2019-04-19 - Vendor fixed issue and provided patch to their IDH


Have a nice day,
Tobi@s
 
Thread starter Similar threads Forum Replies Date
Tobi@s Firmware Modifications 30
Back
Top