Search criteria
5 vulnerabilities found for qbeecam by qbeecam
VAR-201809-0909
Vulnerability from variot - Updated: 2025-01-30 21:06The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera. QBee MultiSensor Camera Contains an authentication vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Askey QBee MultiSensor Camera is a smart camera product of Askey Computer Company. A security vulnerability exists in Askey QBee MultiSensor Camera 4.16.4 and earlier versions. An attacker could exploit this vulnerability to reuse cookies, thereby bypassing authentication and disabling the camera.
[VulnerabilityType Other] Auth bypass using cookie
[Vendor of Product] QBee, Vestiacom, Swisscom
[Affected Product Code Base] QBee MultiSensor Camera <= 4.16.4 QBee Cam (Android) <= 1.0.5 (Fixed version number not yet available) QBee Cam (iOS) < 1.5.2 Swisscom Home App (Android) < 10.7.2 Swisscom Home App (iOS) < 10.9.0
[Affected Component] Network Traffic
[Attack Type] Remote
[Impact Denial of Service] true
[Impact Information Disclosure] true
[Attack Vectors] Reuse of intercepted cookies to authorize requests to camera and disable it
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Francesco Servida (University of Lausanne)
[Reference] https://francescoservida.ch/ https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability https://unil.ch/esc/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE1d1OaNNWm59k5XpArHdrFWRKXbEFAlueyQcACgkQrHdrFWRK XbHlXA/+MwKRO1X7s85ViBEo0gaMNI2GIxioAwi7Hoqkn+jEEefBAkGLFy02F+MS 6i8f1C+AU88BJroihmuBhFklg6/d5qilQrym40MN2/qmr8g2ba7mayZxzRoa4jOn JAggmnLbv0ODV0aIJpWWWDOgLNyZgn2ZfBt7glnSifJ4TTNJUN0xNGUcsYCAfbjo zDjJknPFimxaM0ECJpNWMTMH2z8FJD8Cfb6uQjC9ZR6yy3Gd/xyyesyjcIf7L/56 bkVQUmzI3xLKIAISQ2WbqaMLemds69rWV3ePwrdyziUbkxflW0pKK9ObzcpoFkRD fOZvqPgvkbBpFyE2xbImqqHtgwYiI27oXPJyc183mrR3XTbfFfOuXwDJSrNYPTyp ZQwWyFAr25VqJriq4mfvr643U2ejexblwTi5Rnekf0spF2sFkjZGk1HLu095Yzx3 wThFmj8U8U/MyiUdRC8eW6Q/G0xw4lhqtQA8lxo5k7AOF9AkVImtYqk506Lx1JU8 LbJqy/3EoJleva5BWdBgTjH99zmbOHuvyGZRR8oNKDTBEUY3X2RnVeA3QUrhkEl5 Dgn1mJ/2Ztwyun6X3VcFoRQTAaHqfBb17EYzlE+92cU6SYxaFALO7PUBN/UUDIks Gd6uuT5pJB2P/RrPEqAp2vjqgwNXQuarp44oPXAsriWRwEzeUbg= =pHaV -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0909",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "home app",
"scope": "lte",
"trust": 1.8,
"vendor": "swisscom",
"version": "10.7.2"
},
{
"model": "qbeecam",
"scope": "lte",
"trust": 1.0,
"vendor": "qbeecam",
"version": "1.0.5"
},
{
"model": "qbee multi-sensor camera",
"scope": "lte",
"trust": 1.0,
"vendor": "qbeecam",
"version": "4.16.4"
},
{
"model": "qbee cam",
"scope": "lte",
"trust": 0.8,
"vendor": "qbee cam",
"version": "1.0.5"
},
{
"model": "multi-sensor camera",
"scope": "lte",
"trust": 0.8,
"vendor": "qbee cam",
"version": "4.16.4"
},
{
"model": "home app",
"scope": "eq",
"trust": 0.6,
"vendor": "swisscom",
"version": "10.7.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011476"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-797"
},
{
"db": "NVD",
"id": "CVE-2018-16225"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:qbeecam:qbeecam",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qbeecam:qbee_multi-sensor_camera_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:swisscom:swisscom_home_app",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011476"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Francesco Servida",
"sources": [
{
"db": "PACKETSTORM",
"id": "149413"
}
],
"trust": 0.1
},
"cve": "CVE-2018-16225",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2018-16225",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-126563",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-16225",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-16225",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-16225",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-797",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-126563",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126563"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011476"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-797"
},
{
"db": "NVD",
"id": "CVE-2018-16225"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera. QBee MultiSensor Camera Contains an authentication vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Askey QBee MultiSensor Camera is a smart camera product of Askey Computer Company. A security vulnerability exists in Askey QBee MultiSensor Camera 4.16.4 and earlier versions. An attacker could exploit this vulnerability to reuse cookies, thereby bypassing authentication and disabling the camera. \n \n[VulnerabilityType Other]\n Auth bypass using cookie\n \n[Vendor of Product]\n QBee, Vestiacom, Swisscom\n \n[Affected Product Code Base]\n QBee MultiSensor Camera \u003c= 4.16.4\n QBee Cam (Android) \u003c= 1.0.5 (Fixed version number not yet available)\n QBee Cam (iOS) \u003c 1.5.2\n Swisscom Home App (Android) \u003c 10.7.2\n Swisscom Home App (iOS) \u003c 10.9.0\n \n[Affected Component]\n Network Traffic\n \n[Attack Type]\n Remote\n \n[Impact Denial of Service]\n true\n \n[Impact Information Disclosure]\n true\n \n[Attack Vectors]\n Reuse of intercepted cookies to authorize requests to camera and disable it\n \n[Has vendor confirmed or acknowledged the vulnerability?]\n true\n \n[Discoverer]\n Francesco Servida (University of Lausanne)\n \n[Reference]\n https://francescoservida.ch/\n https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability\n https://unil.ch/esc/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEE1d1OaNNWm59k5XpArHdrFWRKXbEFAlueyQcACgkQrHdrFWRK\nXbHlXA/+MwKRO1X7s85ViBEo0gaMNI2GIxioAwi7Hoqkn+jEEefBAkGLFy02F+MS\n6i8f1C+AU88BJroihmuBhFklg6/d5qilQrym40MN2/qmr8g2ba7mayZxzRoa4jOn\nJAggmnLbv0ODV0aIJpWWWDOgLNyZgn2ZfBt7glnSifJ4TTNJUN0xNGUcsYCAfbjo\nzDjJknPFimxaM0ECJpNWMTMH2z8FJD8Cfb6uQjC9ZR6yy3Gd/xyyesyjcIf7L/56\nbkVQUmzI3xLKIAISQ2WbqaMLemds69rWV3ePwrdyziUbkxflW0pKK9ObzcpoFkRD\nfOZvqPgvkbBpFyE2xbImqqHtgwYiI27oXPJyc183mrR3XTbfFfOuXwDJSrNYPTyp\nZQwWyFAr25VqJriq4mfvr643U2ejexblwTi5Rnekf0spF2sFkjZGk1HLu095Yzx3\nwThFmj8U8U/MyiUdRC8eW6Q/G0xw4lhqtQA8lxo5k7AOF9AkVImtYqk506Lx1JU8\nLbJqy/3EoJleva5BWdBgTjH99zmbOHuvyGZRR8oNKDTBEUY3X2RnVeA3QUrhkEl5\nDgn1mJ/2Ztwyun6X3VcFoRQTAaHqfBb17EYzlE+92cU6SYxaFALO7PUBN/UUDIks\nGd6uuT5pJB2P/RrPEqAp2vjqgwNXQuarp44oPXAsriWRwEzeUbg=\n=pHaV\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16225"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011476"
},
{
"db": "VULHUB",
"id": "VHN-126563"
},
{
"db": "PACKETSTORM",
"id": "149413"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16225",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011476",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-797",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "149413",
"trust": 0.2
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-126563",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-126563"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011476"
},
{
"db": "PACKETSTORM",
"id": "149413"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-797"
},
{
"db": "NVD",
"id": "CVE-2018-16225"
}
]
},
"id": "VAR-201809-0909",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-126563"
}
],
"trust": 0.02
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:06:42.881000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://qbeecam.com/"
},
{
"title": "Swisscom Home App",
"trust": 0.8,
"url": "https://www.swisscom.ch/en/residential/mobile/additional-services/apps/home-app.html"
},
{
"title": "Askey QBee MultiSensor Camera Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84940"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011476"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-797"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126563"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011476"
},
{
"db": "NVD",
"id": "CVE-2018-16225"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://seclists.org/fulldisclosure/2018/sep/21"
},
{
"trust": 1.7,
"url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16225"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16225"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability"
},
{
"trust": 0.1,
"url": "https://francescoservida.ch/"
},
{
"trust": 0.1,
"url": "https://unil.ch/esc/"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-126563"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011476"
},
{
"db": "PACKETSTORM",
"id": "149413"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-797"
},
{
"db": "NVD",
"id": "CVE-2018-16225"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-126563"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011476"
},
{
"db": "PACKETSTORM",
"id": "149413"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-797"
},
{
"db": "NVD",
"id": "CVE-2018-16225"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-126563"
},
{
"date": "2019-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011476"
},
{
"date": "2018-09-18T01:01:11",
"db": "PACKETSTORM",
"id": "149413"
},
{
"date": "2018-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-797"
},
{
"date": "2018-09-18T21:29:02.840000",
"db": "NVD",
"id": "CVE-2018-16225"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-126563"
},
{
"date": "2019-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011476"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-797"
},
{
"date": "2024-11-21T03:52:19.257000",
"db": "NVD",
"id": "CVE-2018-16225"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-797"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "QBee MultiSensor Camera Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011476"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-797"
}
],
"trust": 0.6
}
}
CVE-2018-16223 (GCVE-0-2018-16223)
Vulnerability from nvd – Published: 2018-11-20 19:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181102 [CVE-2018-16222 to 16225] Multiple Vulnerabilities in QBee and iSmartAlarm Products",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Nov/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-20T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20181102 [CVE-2018-16222 to 16225] Multiple Vulnerabilities in QBee and iSmartAlarm Products",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Nov/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181102 [CVE-2018-16222 to 16225] Multiple Vulnerabilities in QBee and iSmartAlarm Products",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Nov/2"
},
{
"name": "http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16223",
"datePublished": "2018-11-20T19:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16225 (GCVE-0-2018-16225)
Vulnerability from nvd – Published: 2018-09-18 21:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180916 [CVE-2018-16225] QBee MultiSensor Camera LAN Traffic Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Sep/21"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-18T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180916 [CVE-2018-16225] QBee MultiSensor Camera LAN Traffic Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Sep/21"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180916 [CVE-2018-16225] QBee MultiSensor Camera LAN Traffic Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Sep/21"
},
{
"name": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/",
"refsource": "MISC",
"url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16225",
"datePublished": "2018-09-18T21:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16223 (GCVE-0-2018-16223)
Vulnerability from cvelistv5 – Published: 2018-11-20 19:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181102 [CVE-2018-16222 to 16225] Multiple Vulnerabilities in QBee and iSmartAlarm Products",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Nov/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-20T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20181102 [CVE-2018-16222 to 16225] Multiple Vulnerabilities in QBee and iSmartAlarm Products",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Nov/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181102 [CVE-2018-16222 to 16225] Multiple Vulnerabilities in QBee and iSmartAlarm Products",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Nov/2"
},
{
"name": "http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16223",
"datePublished": "2018-11-20T19:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16225 (GCVE-0-2018-16225)
Vulnerability from cvelistv5 – Published: 2018-09-18 21:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180916 [CVE-2018-16225] QBee MultiSensor Camera LAN Traffic Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Sep/21"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-18T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180916 [CVE-2018-16225] QBee MultiSensor Camera LAN Traffic Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Sep/21"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180916 [CVE-2018-16225] QBee MultiSensor Camera LAN Traffic Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Sep/21"
},
{
"name": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/",
"refsource": "MISC",
"url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16225",
"datePublished": "2018-09-18T21:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}