Description
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.
References
- Exploit, Third Party Advisory
- Mailing List, Third Party Advisory
- Exploit, Third Party Advisory
- Mailing List, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to 4.16.4 (inclusive)
All of:
cpe:2.3:o:qbeecam:qbee_multi-sensor_camera_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:qbeecam:qbee_multi-sensor_camera:-:*:*:*:*:*:*:*
Configuration 2: versions up to 1.0.5 (inclusive); versions up to 10.7.2 (inclusive)
One of:
cpe:2.3:a:qbeecam:qbeecam:*:*:*:*:*:android:*:*
cpe:2.3:a:swisscom:swisscom_home_app:*:*:*:*:*:android:*:*
EPSS: 0.00067 (Low), percentile: 21%
CVSS3: 6.5 Medium
CVSS2: 6.1 Medium
Weaknesses
CWE-319
Related vulnerabilities
CVSS3: 6.5
github
more than 3 years ago
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.