CVE-2019-12763: Insecure data storage security camera CZ

CVE, Vulnerabilities

8. July 2019

CVE

Vulnerable software

Android App: Security Camera CZ <= 1.6.8

Vulnerability

Insecure data storage(M2, OWASP Mobile Top 10, 2016).

Timeline

28.05.2019 Seller informed
05/29/2019 The manufacturer is trying to fix this issue with the next version.
29.05.2019 Disclosure

Description

The Security Camera CZ application up to 1.6.8 saves images of the recorded videos to the external data storage.
These images could contain very sensitive and personal data, as they are often used as a webcam or baby cam.
The external data storage can be written and read by any other app on the device.
This could lead to very sensitive data being exposed by a malicious app.

References:

Similar posts

CVE, Deep Dive Techniques, Vulnerabilities

CVE-2009-1437: RCE in CoolPlayer+ <= 2.19.6 (Windows 10 Pro)

While doing my preperation for the OSCE i found an nbsp exploit for the coolpalyer+ version 2 19 1 from [...]

19. February 2018

CVE, Vulnerabilities

Vulnerability: Local Buffer Overflow in Personal FTP Server 8.0f(g)

nbsp Vulnerable software FTP server 8 0f g Vulnerability Local Buffer Overflow SEH protected gt Code Execution Time Line [...]

20. February 2018

CVE, Vulnerabilities

CVE-2018-16231: Remote DoS in Personal FTP Server <= 8.4f

CVE CVE 2018 16231 Vulnerable software FTP server lt = 8 4f Vulnerability Remote denial of service Timeline 30 01 [...]

25. August 2018

CVE, Vulnerabilities

CVE-2018-7272: AM 5.0.0, 5.1.0

CVE CVE 2018 7272 Vulnerable software AT nbsp 5 0 0 5 1 0 Vulnerability Unauthorized access Timeline 15 12 [...]

25. August 2018