Francesco Servida

#9713de 53,633
28.4CVSS total
Vulnerabilidades · 4
Média
3
Crítica
1
PT-2018-13439
6.8
2018-11-20
Ismartalarm · Ismartalarm · CVE-2018-16222
**Name of the Vulnerable Software and Affected Versions** iSmartAlarm application versions through 2.0.8 for Android **Description** The issue concerns the storage of credentials in cleartext within the iSmartAlarmData.xml configuration file. This allows an attacker to retrieve the `username` and `password`. **Recommendations** For versions through 2.0.8, update to a version that fixes the cleartext storage of credentials to prevent unauthorized access to user credentials.
PT-2018-13440
9.8
2018-11-20
Vestia · Qbee Cam · CVE-2018-16223
**Name of the Vulnerable Software and Affected Versions** QBee Cam application version 1.0.5 and earlier **Description** The issue concerns insecure storage of credentials in the com.vestiacom.qbeecamera preferences.xml file, allowing an attacker to retrieve the `username` and `password`. **Recommendations** For QBee Cam application version 1.0.5 and earlier, update to a version that securely stores credentials, if available. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.
PT-2018-13441
5.3
2018-11-20
Ismartalarm · Ismartalarm Cube · CVE-2018-16224
**Name of the Vulnerable Software and Affected Versions** iSmartAlarm Cube versions 2.2.4.10 and earlier **Description** The issue concerns incorrect access control for diagnostic files, allowing an attacker to retrieve sensitive information from the device by sending a specifically crafted TCP request to port 12345 and 22306. **Recommendations** For versions 2.2.4.10 and earlier, update to a version that addresses the incorrect access control issue to prevent unauthorized access to diagnostic files.
PT-2018-13442
6.5
2018-09-18
Q Bee · Qbee Cam · CVE-2018-16225
**Name of the Vulnerable Software and Affected Versions** Q Bee MultiSensor Camera versions 4.16.4 and earlier Q Bee Cam application versions 1.0.5 and earlier for Android Swisscom Home application versions 10.7.2 and earlier for Android **Description** The issue allows an attacker to reuse cookies and bypass authentication, potentially disabling the camera, by accepting unencrypted network traffic from clients. **Recommendations** For QBee MultiSensor Camera versions 4.16.4 and earlier, update to a version that encrypts network traffic to prevent cookie reuse. For QBee Cam application versions 1.0.5 and earlier for Android, update to a version that uses encrypted communication with the camera. For Swisscom Home application versions 10.7.2 and earlier for Android, update to a version that supports secure connections to the camera.