PT-2017-18324 · 360Fly+1

Published: 2017-05-01 · Updated: 2019-10-03 · CVE-2017-8403

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: 360fly 4K cameras version 2.1.4

Description: The issue allows unauthenticated changes to Wi-Fi passwords and provides complete access through REST by exploiting the Bluetooth Low Energy pairing procedure. This procedure is available at any time and does not require a password. Exploitation can be achieved using the 360fly Android or iOS application, or the BlueZ gatttool program.

Recommendations: For version 2.1.4, consider disabling the Bluetooth Low Energy pairing procedure until a patch is available to prevent unauthenticated access. Restrict access to the REST interface to minimize the risk of exploitation. Avoid using the 360fly Android or iOS application, or the BlueZ gatttool program, to interact with the camera until the issue is resolved.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2017-8403

Affected Products

360Fly
Bluez