CVE-2018-16225
Summary
| CVE | CVE-2018-16225 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-09-18 21:29:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera. |
Risk And Classification
Problem Types: CWE-319
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Qbeecam | Qbeecam | All | All | All | All |
| Hardware | Qbeecam | Qbee Multi-sensor Camera | - | All | All | All |
| Hardware | Qbeecam | Qbee Multi-sensor Camera | - | All | All | All |
| Operating System | Qbeecam | Qbee Multi-sensor Camera Firmware | All | All | All | All |
| Application | Swisscom | Swisscom Home App | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [CVE-2018-16225] Public Disclosure – QBee Camera Vulnerability – Francesco Servida's Blog | MISC | blog.francescoservida.ch | Exploit, Third Party Advisory |
| Full Disclosure: [CVE-2018-16225] QBee MultiSensor Camera LAN Traffic Vulnerability | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.