← Back to CVEs
CVE-2018-16225
N/ADescription
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.
CVE Details
CVSS v3.1 ScoreN/A
Published9/18/2018
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
qbeecam:qbee_multi-sensor_cameraqbeecam:qbee_multi-sensor_camera_firmwareqbeecam:qbeecamswisscom:swisscom_home_app
Weaknesses (CWE)
CWE-319
References
https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/(cve@mitre.org)
https://seclists.org/fulldisclosure/2018/Sep/21(cve@mitre.org)
https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/fulldisclosure/2018/Sep/21(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.