An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version "RoavA1SWV1.9.” A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability.
Anker Roav A1 Dashcam RoavA1SWV1.9
7.1 - CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-798: Use of Hard-coded Credentials
The Roav A1 Dashcam by Anker is a dashboard camera that allows users to connect using the Roav app for Android and iOS so that they can toggle settings and download videos from the dashcam, along with a host of other features. In order to do this, users must first enable the “Wi-Fi AP” setting manually on the dashcam, and then connect to the “RoavA1” SSID, with the default password of “goroavcam.”
From here, it’s not required that the user changes the default password, although it is an available option. As such, the combination of this default credential and the manual start of the Wi-Fi AP itself serve as the only means of protection from attackers (due to the lack of authentication anywhere else).
2018-10-29 - Vendor Disclosure
2018-11-02 - 2nd vendor contact
2018-11-05 - Vendor acknowledged & created ticket reference
2019-01-03 - 60 day follow up; Vendor closed ticket and advised issue under review with Engineering team; Talos requested point of contact for Engineering team
2019-03-06 - 90 + day follow up
2019-03-27 - Final notice of public disclosure
2019-04-18 - Suggested public disclosure date (171 days after initial disclosure) 2019-05-13 - Public Release
Discovered by Lilith of Cisco Talos.