Canon Camera
Canon Camera's¶
- Firmware is easily downloadable but is AES encrypted
- Using the ROM Dumper getting the rom from a camera was possible
- Using that with iDA was able to search for vulnerabilities that start at the at buffer
- CVE-2019-5998 – Buffer Overflow in NotifyBtStatus – 0x91F9
- CVE-2019-5999 – Buffer Overflow in BLERequest – 0x914C
- CVE-2019-6000 – Buffer Overflow in SendHostInfo – 0x91E4
- CVE-2019-6001 – Buffer Overflow in SetAdapterBatteryReport – 0x91FD
- Using that with iDA was able to search for vulnerabilities that start at the at buffer