CVE-2021-3577

Published: Nov 12, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.

Affected (21)

Products: Binatoneglobal: Halo+ Camera Firmware, Comfort 85 Connect Firmware, Mbp3855 Firmware, Focus 68 Firmware, Focus 72r Firmware, Cn28 Firmware, Cn50 Firmware, Comfort 40 Firmware, Comfort 50 Connect Firmware, Mbp4855 Firmware, Mbp3667 Firmware, Mbp669 Connect Firmware, Lux 64 Firmware, Lux 65 Firmware, Connect View 65 Firmware, Lux 85 Connect Firmware, Ease44 Firmware, Connect 20 Firmware, Mbp6855 Firmware, Cn40 Firmware, Cn75 Firmware

Binatoneglobal

21 products

Halo+ Camera Firmware

Comfort 85 Connect Firmware

Comfort 50 Connect Firmware

Mbp4855 Firmware

Mbp3667 Firmware

Mbp669 Connect Firmware

Lux 64 Firmware

Lux 65 Firmware

Connect View 65 Firmware

Lux 85 Connect Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Halo+ Camera Firmware	Before 03.50.14

Running on/with	Platform Versions
Binatoneglobal Halo+ Camera	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Comfort 85 Connect Firmware	Before 03.40.02

Running on/with	Platform Versions
Binatoneglobal Comfort 85 Connect	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Mbp3855 Firmware	Before 03.40.00

Running on/with	Platform Versions
Binatoneglobal Mbp3855	All versions

Configuration D

1 platform

Running on/with	Platform Versions
Binatoneglobal Focus 68	Version v100

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Focus 68 Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Focus 68	Version v200

Configuration F

1 platform

Running on/with	Platform Versions
Binatoneglobal Focus 72r	Version v100

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Focus 72r Firmware	Before 03.40.00

Running on/with	Platform Versions
Binatoneglobal Focus 72r	Version v200

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Cn28 Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Cn28	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Cn50 Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Cn50	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Comfort 40 Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Comfort 40	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Comfort 50 Connect Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Comfort 50 Connect	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Mbp4855 Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Mbp4855	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Mbp3667 Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Mbp3667	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Mbp669 Connect Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Mbp669 Connect	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Lux 64 Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Lux 64	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Lux 65 Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Lux 65	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Connect View 65 Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Connect View 65	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Lux 85 Connect Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Lux 85 Connect	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Ease44 Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Ease44	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Connect 20 Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Connect 20	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Mbp6855 Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Mbp6855	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Cn40 Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Cn40	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binatoneglobal Cn75 Firmware	All versions

Running on/with	Platform Versions
Binatoneglobal Cn75	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://binatoneglobal.com/security-advisory/

Source: psirt@lenovo.com

Vendor Advisory

https://binatoneglobal.com/security-advisory/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.