CVE-2017-16867

Опубликовано: 16 нояб. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 3.3

EPSS Низкий

Описание

Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving.

Ссылки

http://www.securityfocus.com/bid/101899
Third Party Advisory
VDB Entry
https://www.engadget.com/2017/11/16/amazon-key-hack-cloud-cam/
Issue Tracking
Third Party Advisory
https://www.theverge.com/2017/11/16/16665064/amazon-key-camera-disable
Issue Tracking
Third Party Advisory
https://www.wired.com/story/amazon-key-flaw-let-deliverymen-disable-your-camera/
Issue Tracking
Third Party Advisory
http://www.securityfocus.com/bid/101899
Third Party Advisory
VDB Entry
https://www.engadget.com/2017/11/16/amazon-key-hack-cloud-cam/
Issue Tracking
Third Party Advisory
https://www.theverge.com/2017/11/16/16665064/amazon-key-camera-disable
Issue Tracking
Third Party Advisory
https://www.wired.com/story/amazon-key-flaw-let-deliverymen-disable-your-camera/
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:amazon:amazon_key_firmware:*:*:*:*:*:*:*:*

Версия до 2017-11-16 (включая)

cpe:2.3:h:amazon:amazon_key:-:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00812

Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-g3fg-hc46-x2x7