PT-2018-13442 · Q Bee+1 · Qbee Cam+2
Francesco Servida · Published 2018-09-18 · Updated 2020-08-24 · CVE-2018-16225
CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Q Bee MultiSensor Camera versions 4.16.4 and earlier
Q Bee Cam application versions 1.0.5 and earlier for Android
Swisscom Home application versions 10.7.2 and earlier for Android
Description
The camera accepts unencrypted network traffic from clients, which allows an attacker to reuse cookies to bypass authentication and potentially disable the camera.
Recommendations
For QBee MultiSensor Camera versions 4.16.4 and earlier, update to a version that encrypts network traffic to prevent cookie reuse.
For QBee Cam application versions 1.0.5 and earlier for Android, update to a version that uses encrypted communication with the camera.
For Swisscom Home application versions 10.7.2 and earlier for Android, update to a version that supports secure connections to the camera.
Exploit
Fix
Cleartext Transmission of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Qbee Cam
Q Bee Multisensor Camera
Swisscom Home