← Volver a CVEs
CVE-2018-16225
N/ADescripcion
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado9/18/2018
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
qbeecam:qbee_multi-sensor_cameraqbeecam:qbee_multi-sensor_camera_firmwareqbeecam:qbeecamswisscom:swisscom_home_app
Debilidades (CWE)
CWE-319
Referencias
https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/(cve@mitre.org)
https://seclists.org/fulldisclosure/2018/Sep/21(cve@mitre.org)
https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/fulldisclosure/2018/Sep/21(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.