Vulnerability-Lookup

CVE-2018-16225 (GCVE-0-2018-16225)

Vulnerability from cvelistv5 – Published: 2018-09-18 21:00 – Updated: 2024-08-05 10:17

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GSD-2018-16225

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-16225

Aliases

CVE-2018-16225

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-16225",
    "description": "The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.",
    "id": "GSD-2018-16225"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-16225"
      ],
      "details": "The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.",
      "id": "GSD-2018-16225",
      "modified": "2023-12-13T01:22:25.750319Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-16225",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20180916 [CVE-2018-16225] QBee MultiSensor Camera LAN Traffic Vulnerability",
            "refsource": "FULLDISC",
            "url": "https://seclists.org/fulldisclosure/2018/Sep/21"
          },
          {
            "name": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/",
            "refsource": "MISC",
            "url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:qbeecam:qbee_multi-sensor_camera_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.16.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:qbeecam:qbee_multi-sensor_camera:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:qbeecam:qbeecam:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:swisscom:swisscom_home_app:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.7.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16225"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-319"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20180916 [CVE-2018-16225] QBee MultiSensor Camera LAN Traffic Vulnerability",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Sep/21"
            },
            {
              "name": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2018-09-18T21:29Z"
    }
  }
}

VAR-201809-0909

Vulnerability from variot - Updated: 2025-01-30 21:06

The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera. QBee MultiSensor Camera Contains an authentication vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Askey QBee MultiSensor Camera is a smart camera product of Askey Computer Company. A security vulnerability exists in Askey QBee MultiSensor Camera 4.16.4 and earlier versions. An attacker could exploit this vulnerability to reuse cookies, thereby bypassing authentication and disabling the camera.

[VulnerabilityType Other] Auth bypass using cookie

[Vendor of Product] QBee, Vestiacom, Swisscom

[Affected Product Code Base] QBee MultiSensor Camera <= 4.16.4 QBee Cam (Android) <= 1.0.5 (Fixed version number not yet available) QBee Cam (iOS) < 1.5.2 Swisscom Home App (Android) < 10.7.2 Swisscom Home App (iOS) < 10.9.0

[Affected Component] Network Traffic

[Attack Type] Remote

[Impact Denial of Service] true

[Impact Information Disclosure] true

[Attack Vectors] Reuse of intercepted cookies to authorize requests to camera and disable it

[Has vendor confirmed or acknowledged the vulnerability?] true

[Discoverer] Francesco Servida (University of Lausanne)

[Reference] https://francescoservida.ch/ https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability https://unil.ch/esc/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE1d1OaNNWm59k5XpArHdrFWRKXbEFAlueyQcACgkQrHdrFWRK XbHlXA/+MwKRO1X7s85ViBEo0gaMNI2GIxioAwi7Hoqkn+jEEefBAkGLFy02F+MS 6i8f1C+AU88BJroihmuBhFklg6/d5qilQrym40MN2/qmr8g2ba7mayZxzRoa4jOn JAggmnLbv0ODV0aIJpWWWDOgLNyZgn2ZfBt7glnSifJ4TTNJUN0xNGUcsYCAfbjo zDjJknPFimxaM0ECJpNWMTMH2z8FJD8Cfb6uQjC9ZR6yy3Gd/xyyesyjcIf7L/56 bkVQUmzI3xLKIAISQ2WbqaMLemds69rWV3ePwrdyziUbkxflW0pKK9ObzcpoFkRD fOZvqPgvkbBpFyE2xbImqqHtgwYiI27oXPJyc183mrR3XTbfFfOuXwDJSrNYPTyp ZQwWyFAr25VqJriq4mfvr643U2ejexblwTi5Rnekf0spF2sFkjZGk1HLu095Yzx3 wThFmj8U8U/MyiUdRC8eW6Q/G0xw4lhqtQA8lxo5k7AOF9AkVImtYqk506Lx1JU8 LbJqy/3EoJleva5BWdBgTjH99zmbOHuvyGZRR8oNKDTBEUY3X2RnVeA3QUrhkEl5 Dgn1mJ/2Ztwyun6X3VcFoRQTAaHqfBb17EYzlE+92cU6SYxaFALO7PUBN/UUDIks Gd6uuT5pJB2P/RrPEqAp2vjqgwNXQuarp44oPXAsriWRwEzeUbg= =pHaV -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0909",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "home app",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "swisscom",
        "version": "10.7.2"
      },
      {
        "model": "qbeecam",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "qbeecam",
        "version": "1.0.5"
      },
      {
        "model": "qbee multi-sensor camera",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "qbeecam",
        "version": "4.16.4"
      },
      {
        "model": "qbee cam",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "qbee cam",
        "version": "1.0.5"
      },
      {
        "model": "multi-sensor camera",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "qbee cam",
        "version": "4.16.4"
      },
      {
        "model": "home app",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "swisscom",
        "version": "10.7.2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011476"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-797"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16225"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:qbeecam:qbeecam",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:qbeecam:qbee_multi-sensor_camera_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:swisscom:swisscom_home_app",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011476"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Francesco Servida",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "149413"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2018-16225",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2018-16225",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "VHN-126563",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-16225",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-16225",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-16225",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-797",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-126563",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011476"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-797"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16225"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera. QBee MultiSensor Camera Contains an authentication vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Askey QBee MultiSensor Camera is a smart camera product of Askey Computer Company. A security vulnerability exists in Askey QBee MultiSensor Camera 4.16.4 and earlier versions. An attacker could exploit this vulnerability to reuse cookies, thereby bypassing authentication and disabling the camera. \n \n[VulnerabilityType Other]\n Auth bypass using cookie\n \n[Vendor of Product]\n QBee, Vestiacom, Swisscom\n \n[Affected Product Code Base]\n QBee MultiSensor Camera \u003c= 4.16.4\n QBee Cam (Android) \u003c= 1.0.5 (Fixed version number not yet available)\n QBee Cam (iOS) \u003c 1.5.2\n Swisscom Home App (Android) \u003c 10.7.2\n Swisscom Home App (iOS) \u003c 10.9.0\n \n[Affected Component]\n Network Traffic\n \n[Attack Type]\n Remote\n \n[Impact Denial of Service]\n true\n \n[Impact Information Disclosure]\n true\n \n[Attack Vectors]\n Reuse of intercepted cookies to authorize requests to camera and disable it\n \n[Has vendor confirmed or acknowledged the vulnerability?]\n true\n \n[Discoverer]\n Francesco Servida (University of Lausanne)\n \n[Reference]\n https://francescoservida.ch/\n https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability\n https://unil.ch/esc/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEE1d1OaNNWm59k5XpArHdrFWRKXbEFAlueyQcACgkQrHdrFWRK\nXbHlXA/+MwKRO1X7s85ViBEo0gaMNI2GIxioAwi7Hoqkn+jEEefBAkGLFy02F+MS\n6i8f1C+AU88BJroihmuBhFklg6/d5qilQrym40MN2/qmr8g2ba7mayZxzRoa4jOn\nJAggmnLbv0ODV0aIJpWWWDOgLNyZgn2ZfBt7glnSifJ4TTNJUN0xNGUcsYCAfbjo\nzDjJknPFimxaM0ECJpNWMTMH2z8FJD8Cfb6uQjC9ZR6yy3Gd/xyyesyjcIf7L/56\nbkVQUmzI3xLKIAISQ2WbqaMLemds69rWV3ePwrdyziUbkxflW0pKK9ObzcpoFkRD\nfOZvqPgvkbBpFyE2xbImqqHtgwYiI27oXPJyc183mrR3XTbfFfOuXwDJSrNYPTyp\nZQwWyFAr25VqJriq4mfvr643U2ejexblwTi5Rnekf0spF2sFkjZGk1HLu095Yzx3\nwThFmj8U8U/MyiUdRC8eW6Q/G0xw4lhqtQA8lxo5k7AOF9AkVImtYqk506Lx1JU8\nLbJqy/3EoJleva5BWdBgTjH99zmbOHuvyGZRR8oNKDTBEUY3X2RnVeA3QUrhkEl5\nDgn1mJ/2Ztwyun6X3VcFoRQTAaHqfBb17EYzlE+92cU6SYxaFALO7PUBN/UUDIks\nGd6uuT5pJB2P/RrPEqAp2vjqgwNXQuarp44oPXAsriWRwEzeUbg=\n=pHaV\n-----END PGP SIGNATURE-----\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011476"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126563"
      },
      {
        "db": "PACKETSTORM",
        "id": "149413"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-16225",
        "trust": 2.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011476",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-797",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "149413",
        "trust": 0.2
      },
      {
        "db": "OTHER",
        "id": "NONE",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-126563",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-126563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011476"
      },
      {
        "db": "PACKETSTORM",
        "id": "149413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-797"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16225"
      }
    ]
  },
  "id": "VAR-201809-0909",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-126563"
      }
    ],
    "trust": 0.02
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "camera device"
        ],
        "sub_category": "camera",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      }
    ]
  },
  "last_update_date": "2025-01-30T21:06:42.881000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://qbeecam.com/"
      },
      {
        "title": "Swisscom Home App",
        "trust": 0.8,
        "url": "https://www.swisscom.ch/en/residential/mobile/additional-services/apps/home-app.html"
      },
      {
        "title": "Askey QBee MultiSensor Camera Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84940"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011476"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-797"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-319",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-287",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011476"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16225"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://seclists.org/fulldisclosure/2018/sep/21"
      },
      {
        "trust": 1.7,
        "url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16225"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16225"
      },
      {
        "trust": 0.1,
        "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
      },
      {
        "trust": 0.1,
        "url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://francescoservida.ch/"
      },
      {
        "trust": 0.1,
        "url": "https://unil.ch/esc/"
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-126563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011476"
      },
      {
        "db": "PACKETSTORM",
        "id": "149413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-797"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16225"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-126563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011476"
      },
      {
        "db": "PACKETSTORM",
        "id": "149413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-797"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16225"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126563"
      },
      {
        "date": "2019-01-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011476"
      },
      {
        "date": "2018-09-18T01:01:11",
        "db": "PACKETSTORM",
        "id": "149413"
      },
      {
        "date": "2018-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-797"
      },
      {
        "date": "2018-09-18T21:29:02.840000",
        "db": "NVD",
        "id": "CVE-2018-16225"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126563"
      },
      {
        "date": "2019-01-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011476"
      },
      {
        "date": "2020-10-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-797"
      },
      {
        "date": "2024-11-21T03:52:19.257000",
        "db": "NVD",
        "id": "CVE-2018-16225"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-797"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "QBee MultiSensor Camera Authentication vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011476"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-797"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2018-16225

Vulnerability from fkie_nvd - Published: 2018-09-18 21:29 - Updated: 2024-11-21 03:52

Severity ?

6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/	Exploit, Third Party Advisory
cve@mitre.org	https://seclists.org/fulldisclosure/2018/Sep/21	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/fulldisclosure/2018/Sep/21	Mailing List, Third Party Advisory

Impacted products

Vendor	Product	Version
qbeecam	qbee_multi-sensor_camera_firmware	*
qbeecam	qbee_multi-sensor_camera	-
qbeecam	qbeecam	*
swisscom	swisscom_home_app	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:qbeecam:qbee_multi-sensor_camera_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5193FFC2-AFF6-46A8-9F6F-785702F652EA",
              "versionEndIncluding": "4.16.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:qbeecam:qbee_multi-sensor_camera:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "15EC5FFE-F2D9-4E36-8734-5E394B4542DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qbeecam:qbeecam:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "CEC017A4-F9D7-4302-87F5-2093381AB7EE",
              "versionEndIncluding": "1.0.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:swisscom:swisscom_home_app:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "AC780856-A6C6-4D4C-9F38-4B8FCCBDE4F9",
              "versionEndIncluding": "10.7.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera."
    },
    {
      "lang": "es",
      "value": "QBee MultiSensor Camera hasta la versi\u00f3n 4.16.4 acepta tr\u00e1fico de red sin cifrar desde los clientes (como la aplicaci\u00f3n QBee Cam hasta la versi\u00f3n 1.0.5 para Android y la aplicaci\u00f3n Swisscom Home hasta la versi\u00f3n 10.7.2 para Android), lo que resulta en que un atacante pueda reutilizar cookies para omitir la autenticaci\u00f3n y deshabilitar la c\u00e1mara."
    }
  ],
  "id": "CVE-2018-16225",
  "lastModified": "2024-11-21T03:52:19.257",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-18T21:29:02.840",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2018/Sep/21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2018/Sep/21"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-VGPJ-CX57-3C5Q

Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-16225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-18T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.",
  "id": "GHSA-vgpj-cx57-3c5q",
  "modified": "2022-05-13T01:19:14Z",
  "published": "2022-05-13T01:19:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16225"
    },
    {
      "type": "WEB",
      "url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2018/Sep/21"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-16225 (GCVE-0-2018-16225)

GSD-2018-16225

VAR-201809-0909

FKIE_CVE-2018-16225

GHSA-VGPJ-CX57-3C5Q

Tags

Sightings

Nomenclature