CVE ID | CVE-2014-6434 |
CVSS SCORE | 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C |
AFFECTED VENDORS | GoPro |
AFFECTED PRODUCTS | HERO 3+ |
VULNERABILITY DETAILS | The specific flaw exists within the gpExec component. This component performs insufficient parameter validation on the a1/a2 parameters when the c1/c2 parameters are set to "restart". Successful exploitation will allow an attacker to execute arbitrary commands on the target device. |
ADDITIONAL DETAILS | 03/08/2014 - ZDI reached out to the vendor -- Vendor Response: GoPro intends to address this Hero 3 Plus issue in the next release for the product, and will update ZDI with a link to the GoPro website at that time. |
DISCLOSURE TIMELINE | |
CREDIT | Brian Gorenc - HP Zero Day Initiative |