CVE-2019-12763: Insecure data storage security camera CZ

8. July 2019



Vulnerable software

Android App: Security Camera CZ <= 1.6.8


Insecure data storage(M2, OWASP Mobile Top 10, 2016).


  • 28.05.2019 Seller informed
  • 05/29/2019 The manufacturer is trying to fix this issue with the next version.
  • 29.05.2019 Disclosure


The Security Camera CZ application up to 1.6.8 saves images of the recorded videos to the external data storage.
These images could contain very sensitive and personal data, as they are often used as a webcam or baby cam.
The external data storage can be written and read by any other app on the device.
This could lead to very sensitive data being exposed by a malicious app.


Similar posts

While doing my preperation for the OSCE i found an exploit for the coolpalyer+ version 2.19.1 from 2009. I decided to [...]

19. February 2018

  Vulnerable software FTP server 8.0f(g) Vulnerability Local Buffer Overflow (SEH protected)-> Code Execution Time Line 01/24/2018 Vendor informed 01/30/2018 [...]

20. February 2018

CVE CVE-2018-16231 Vulnerable software FTP server <= 8.4f Vulnerability Remote denial of service Timeline 30.01.2018 Seller informed(also local BO ) [...]

25. August 2018

CVE CVE-2018-7272 Vulnerable software AT 5.0.0, 5.1.0 Vulnerability Unauthorized access Timeline 15.12.2017 Seller informs X.01.2018  Manufacturer has patched vulnerability 24.01.2018 Manufacturer [...]

25. August 2018