Cisco Talos is disclosing multiple vulnerabilities in the Anker Roav A1 Dashcam and the Novatek NT9665X chipset. The Roav A1 Dashcam by Anker is a dashboard camera that users connect to through the Roav app for Android and iOS in order to toggle settings and download videos from the dashcam, along with a host of other features. These vulnerabilities could be leveraged by an attacker to gain arbitrary code execution on affected devices.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Novatek to ensure that some of these issues are resolved and that an update is available for affected customers. However, we were unable to contact Anker; therefore, TALOS-2018-0685, TALOS-2018-0687 and TALOS-2018-0688 remain unpatched.
Anker Roav A1 Dashcam WifiCmd Code 9999 execution vulnerability (TALOS-2018-0685/CVE-2018-4014)
An exploitable code execution vulnerability exists in a Wifi Command of the Roav A1 Dashcam. A specially crafted packet can cause a stack-based buffer overflow. An attacker can send a packet to trigger this vulnerability, resulting in code execution on an affected device. For additional information, please see the advisory here.
Anker Roav A1 Dashcam stack overflow code execution vulnerability (TALOS-2018-0687/CVE-2018-4016)
The URL-parsing functionality of the Roav A1 Dashcam is vulnerable to code execution. A specially crafted packet can cause a stack-based buffer overflow. An attacker can send a packet to trigger this vulnerability, resulting in code execution on an affected dev ..