← Back

CVE-2018-16225

nvd nist
Published: Sep 18, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.

Affected (3)

Qbeecam
2 products
Qbee Multi Sensor Camera Firmware
Qbeecam
Swisscom
1 product
Swisscom Home App
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Qbee Multi Sensor Camera Firmware
Up to 4.16.4
Running on/withPlatform Versions
Qbeecam
Qbee Multi Sensor Camera
All versions
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Qbeecam
Up to 1.0.5
Swisscom Home App
Up to 10.7.2

Related CWEs

CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.