Commit graph

2 commits

Author SHA1 Message Date
Kayos
de0c434942 docs: CVE-16 — unsigned USB firmware flash (physical RCE)
- usb-updater installs .mender bundles with no signature verification
- /etc/mender has no artifact_verify_key (confirmed from firmware extraction)
- Also: movisoc-fwu updates bootloader from USB, also unsigned
- Camera pipeline is GStreamer+kmbcamsrc (not DepthAI) — key adacam insight
- 4K H.265 video recorded continuously (undisclosed — reinforces CVE-5)
2026-03-14 10:54:42 -07:00

Kayos
210581cb30 docs: CVE log — 5 Hivemapper vulnerabilities documented
CVE-1 (MCID15663720): Unauthenticated root RCE /api/1/cmd
CVE-2: Universal hardcoded WiFi credential 'hivemapper'
CVE-3: Undisclosed remote code execution via beekeeper-plugin
CVE-4: Operator MITM of all device HTTPS traffic (mitmproxy)
CVE-5: Covert incident video recording + upload (video-processor)

Hivemapper notified, responded with privacy policy link only.
90-day window expires 2026-06-07. Full public release after.
2026-03-14 09:33:10 -07:00