Macro-video Technologies V380E6_C1 IP Camera UART Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A vulnerability in the Macro-video Technologies V380E6_C1 IP camera, specifically in the hardware version HsAKPIQp_WF_XHR, allows a physically proximate attacker to execute arbitrary code. This issue arises from the camera's UART component, which can be accessed with hardcoded credentials.
Impact
Exploitation of this vulnerability provides root access to the camera's operating system via the UART interface.
Reproduction
The vulnerability can be reproduced by physically accessing the camera and connecting an FT232RL USB-UART converter to the UART test pads. Once wires are soldered to the appropriate pins, powering on the camera establishes a UART connection. The connection shows the camera's boot logs, followed by a login prompt for the root shell. The hardcoded password 'gzhongshi' can be used to gain root access.
