The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.
References
Link | Resource |
---|---|
https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/ | Exploit Third Party Advisory |
https://seclists.org/fulldisclosure/2018/Sep/21 | Mailing List Third Party Advisory |
https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/ | Exploit Third Party Advisory |
https://seclists.org/fulldisclosure/2018/Sep/21 | Mailing List Third Party Advisory |
Configurations
History
21 Nov 2024, 03:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/ - Exploit, Third Party Advisory | |
References | () https://seclists.org/fulldisclosure/2018/Sep/21 - Mailing List, Third Party Advisory |
Information
Published : 2018-09-18 21:29
Updated : 2024-11-21 03:52
NVD link : CVE-2018-16225
Mitre link : CVE-2018-16225
CVE.ORG link : CVE-2018-16225
JSON object : View
Products Affected
qbeecam
- qbee_multi-sensor_camera
- qbee_multi-sensor_camera_firmware
- qbeecam
swisscom
- swisscom_home_app
CWE
CWE-319
Cleartext Transmission of Sensitive Information