{
  "id": "CVE-2022-40918",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-12-06T00:15:10.157",
  "lastModified": "2023-11-07T03:52:38.537",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows attacker to gain remote code execution as root user via a specially crafted UDP packet. Please update the Reference section to these links > http://thiscomputer.com/ > https://www.bostoncyber.org/ > https://medium.com/@meekworth/exploiting-the-lw9621-drone-camera-module-773f00081368"
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en el firmware lewei_cam versi\u00f3n binaria 2.0.10 en Force 1 Discovery Wifi U818A HD+ FPV Drone permite al atacante obtener la ejecuci\u00f3n remota de c\u00f3digo como usuario root a trav\u00e9s de un paquete UDP especialmente manipulado. Actualice la secci\u00f3n Referencia a estos enlaces > http://thiscomputer.com/ > https://www.bostoncyber.org/ > https://medium.com/@meekworth/exploiting-the-lw9621-drone-camera-module-773f00081368"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:force1rc:discovery_wifi_u818a_hd\\+_fpv_firmware:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F86D76-5D1E-4559-BE92-C69B009F5F1D"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:force1rc:discovery_wifi_u818a_hd\\+_fpv:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D807D0E4-A442-4857-BE2F-5D86A648F6CD"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://1af95112-6fd8-4c8f-8bd6-c47f8ef7b77a.filesusr.com/ugd/c1f861_51eb0d33d5764efc93e9d5f19c306950.pdf",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://medium.com/%40meekworth/exploiting-the-lw9621-drone-camera-module-773f00081368",
      "source": "cve@mitre.org"
    }
  ]
}