PT-2018-13442 · Q Bee+1 · Qbee Cam+2
Francesco Servida
·
Publicado
2018-09-18
·
Atualizado
2020-08-24
·
CVE-2018-16225
CVSS v3.1
6.5
Média
| Vetor | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Q Bee MultiSensor Camera versions 4.16.4 and earlier
Q Bee Cam application versions 1.0.5 and earlier for Android
Swisscom Home application versions 10.7.2 and earlier for Android
Description
The issue allows an attacker to reuse cookies and bypass authentication, potentially disabling the camera, by accepting unencrypted network traffic from clients.
Recommendations
For QBee MultiSensor Camera versions 4.16.4 and earlier, update to a version that encrypts network traffic to prevent cookie reuse.
For QBee Cam application versions 1.0.5 and earlier for Android, update to a version that uses encrypted communication with the camera.
For Swisscom Home application versions 10.7.2 and earlier for Android, update to a version that supports secure connections to the camera.
Exploit
Correção
Cleartext Transmission of Sensitive Information
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Qbee Cam
Q Bee Multisensor Camera
Swisscom Home