CVE-2019-12763: Insecure Data Storage Security Camera CZ


CVE

CVE-2019-12763

Vulnerable Software

Android App: Security Camera CZ <= 1.6.8

Vulnerability

Insecure Data Storage (M2, OWASP Mobile Top 10, 2016)

Time Line

  • 28.05.2019 Vendor informed
  • 29.05.2019 Vendor is trying to fix this within the next release
  • 29.05.2019 Disclosure

Description

The Application Security Camera CZ through 1.6.8 stores pictures of the recorded video on the external data storage.
These pictures could contain very sensitive and personal data, because it’s widely used as a web- or babycam.
The external data storage is write/ readable by every other app on the device.
This could lead to the exposure of very sensitive data through an malicous app.

References: