Owlet Camera OS Command Injection

Publication date: May 15th, 2024


CVE ID:
CVE-2023-6321
CVSS score:
7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected vendors:
Owlet
Affected products:
Cam v2
Vulnerability details:

A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.

Credit:
Alexandru Lazar & Radu Basaraba, Bitdefender Labs