Free call

CVE-2019-12763: Insecure data storage security camera CZ

8. July 2019

CVE

CVE-2019-12763

Vulnerable software

Android App: Security Camera CZ <= 1.6.8

Vulnerability

Insecure data storage(M2, OWASP Mobile Top 10, 2016).

Timeline

  • 28.05.2019 Seller informed
  • 05/29/2019 The manufacturer is trying to fix this issue with the next version.
  • 29.05.2019 Disclosure

Description

The Security Camera CZ up to 1.6.8 application saves images of the recorded videos on the external data storage.
These images may contain very sensitive and personal data, as they are often used as webcams or babycams.
The external data storage can be written to and read by any other app on the device.
This could lead to very sensitive data being exposed by a malicious app.

References:

You are currently viewing a placeholder content from Facebook. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.

More Information
Unblock content Accept required service and unblock content

Similar posts

CVE-2009-1437: RCE in CoolPlayer+ <= 2.19.6 (Windows 10 Pro)

While doing my preperation for the OSCE i found an exploit for the coolpalyer+ version 2.19.1 from 2009. I decided to [...]

Read more

19. February 2018

Vulnerability: Local Buffer Overflow in Personal FTP Server 8.0f(g)

  Vulnerable software FTP server 8.0f(g) Vulnerability Local Buffer Overflow (SEH protected)-> Code Execution Time Line 01/24/2018 Vendor informed 01/30/2018 [...]

Weiterlesen

20. February 2018

CVE-2018-16231: Remote DoS in Personal FTP Server <= 8.4f

CVE CVE-2018-16231 Vulnerable software FTP server <= 8.4f Vulnerability Remote denial of service Timeline 30.01.2018 Seller informed(also local BO ) [...]

Read more

25. August 2018

CVE-2018-7272: AM 5.0.0, 5.1.0

CVE CVE-2018-7272 Vulnerable software AM 5.0.0, 5.1.0 Vulnerability Unauthorized access Timeline 15.12.2017 Seller informs X.01.2018  Manufacturer has patched vulnerability 24.01.2018 Manufacturer [...]

Weiterlesen

25. August 2018