PT-2018-13440 · Vestia · Qbee Cam
Francesco Servida
·
Published
2018-11-20
·
Updated
2019-10-03
·
CVE-2018-16223
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
QBee Cam application version 1.0.5 and earlier
Description
The issue concerns insecure storage of credentials in the com.vestiacom.qbeecamera preferences.xml file, allowing an attacker to retrieve the
username and password.Recommendations
For QBee Cam application version 1.0.5 and earlier, update to a version that securely stores credentials, if available. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qbee Cam