CVE-2023-30400
Published: 2023-06-07
Priority: P261 | Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.47% (87.6th percentile)
An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. A command injection vulnerability in the network configuration script within the MCU's operating system allows attackers to perform arbitrary command execution via a crafted wifi SSID or password.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| anyka | ak3918ev300_firmware | — | — |
Detection & IOCs (extracted from sources)
- Command injection is triggered via a crafted Wi-Fi SSID or password field in the network configuration script on the AK3918EV300 MCU. Monitor or filter SSID/password inputs for shell metacharacters (e.g., `;`, `|`, `&&`, `$()`, backticks) to detect exploitation attempts.
- The vulnerable device is the Anyka Microelectronics AK3918EV300 MCU v18 embedded in generic IP camera modules (spy/hidden cameras). Identify these devices on the network by their use of the LookCam app or similar rebranded companion apps, and by their peer-to-peer remote connectivity behaviour.
- The LookCam Android app (500k+ downloads on Google Play) is the companion app for the vulnerable module. Presence of this app on a network-connected device may indicate association with a vulnerable camera module. Monitor for LookCam app traffic as a pivot point for identifying vulnerable cameras.
- The manufacturer was notified but showed no intention to fix the vulnerabilities. Patching or recalling affected cameras is considered infeasible due to supply chain complexity — defenders should assume no vendor patch will be issued and treat affected devices as permanently vulnerable.
- The vulnerable module is an OEM component rebranded and resold by multiple vendors. The same AK3918EV300-based module may appear under many different product names and brands on platforms like Amazon, making asset identification by product name alone unreliable.
- The P2P networking component embedded in the module is shared across over 50 million IoT devices from this ecosystem, meaning the attack surface extends well beyond spy cameras to any IoT device using the same P2P stack.
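The SSID/password filter suggested in the first item can be sketched as follows. This is an added example, not code from the advisory or the vendor; the record layout, the function names and the exact metacharacter set are assumptions, and the sample records are constructed.

```python
import re

# Characters a POSIX shell treats specially: the page's list (; | && $() backticks)
# plus redirection, quoting and line breaks. The exact set is this example's assumption.
SHELL_META = re.compile(r"[;|&$`()<>\\'\"\n\r]")
MAX_SSID_BYTES = 32  # IEEE 802.11 limits an SSID to 32 octets


def check_field(name, value):
    """Return a list of findings for one SSID or password value."""
    findings = []
    hits = sorted(set(SHELL_META.findall(value)))
    if hits:
        findings.append(f"{name}: shell metacharacters {hits!r}")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        findings.append(f"{name}: control character")
    if name == "ssid" and len(value.encode("utf-8")) > MAX_SSID_BYTES:
        findings.append(f"{name}: longer than {MAX_SSID_BYTES} bytes")
    return findings


def audit(records):
    """Map record id -> findings for every record with a suspicious field."""
    report = {}
    for rec in records:
        found = check_field("ssid", rec["ssid"]) + check_field("password", rec["password"])
        if found:
            report[rec["id"]] = found
    return report


# Constructed sample provisioning records (not taken from any real device).
SAMPLE = [
    {"id": 1, "ssid": "HomeNet-5G", "password": "correct horse battery"},
    {"id": 2, "ssid": "lab;id", "password": "plainpassword1"},
    {"id": 3, "ssid": "Office", "password": "pw$(id)"},
    {"id": 4, "ssid": "x" * 40, "password": "longssidcase1"},
]

if __name__ == "__main__":
    for rec_id, found in audit(SAMPLE).items():
        print(rec_id, found)
```

Legitimate Wi-Fi passwords often contain some of these characters, so a hit is a triage signal for review rather than proof of an exploitation attempt.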
No detection rules found.
No public exploits indexed.