VAR-201602-0124
Vulnerability from variot - Updated: 2025-04-13 23:23Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions. Comcast XFINITY Home Security does not fail securely, which may be leveraged to avoid triggering alarm events. Comcast XFINITY Home Security The system has a problem in handling when the wireless connection between the sensor and the base station is broken, which may intentionally interfere with alarm generation. CWE-636: Not Failing Securely ('Failing Open') Comcast XFINITY Home Security Then, the frequency between the sensors and base stations that make up the system 2.4GHz , ZigBee We are communicating by protocol. Comcast XFINITY Home Security May not be alerted when wireless communication is interrupted, and it may take several minutes to several hours for communication to recover. Alerts will not occur while communication is interrupted. Therefore, by interfering with the wireless connection, Home Security It is possible to suppress the occurrence of alerts from. CWE-636: Not Failing Securely ('Failing Open') https://cwe.mitre.org/data/definitions/636.html For more information, Rapid7 See the blog post. Rapid7 Blog posts https://community.rapid7.com/community/infosec/blog/2016/01/05/r7-2015-23-comcast-xfinity-home-security-system-insecure-fail-open In addition, National Vulnerability Database (NVD) CVE-2016-2398 Then CWE-254 It is published as CWE-254: Security Features ( Security function ) http://cwe.mitre.org/data/definitions/254.htmlAlert operation may be interrupted. The ComcastXfinity Home Security System is Comcast's smart home monitoring system solution that provides residential alarms and services such as cable, internet and telephone services. Comcast XFINITY Home Security is a complete home security system from Comcast. The system provides functions such as online access security monitoring. A denial of service vulnerability exists in Comcast XFINITY Home Security. An attacker could use this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0124",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xfinity home security system",
"scope": "eq",
"trust": 1.0,
"vendor": "comcast",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "comcast",
"version": null
},
{
"model": "xfinity home security",
"scope": null,
"trust": 0.8,
"vendor": "comcast",
"version": null
},
{
"model": "xfinity",
"scope": null,
"trust": 0.6,
"vendor": "comcast",
"version": null
},
{
"model": "xfinity home security system",
"scope": null,
"trust": 0.6,
"vendor": "comcast",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#418072"
},
{
"db": "CNVD",
"id": "CNVD-2016-00114"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001001"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-326"
},
{
"db": "NVD",
"id": "CVE-2016-2398"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:comcast:xfinity_home_security_system",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001001"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tod Beardsley and Phil Bosco of Rapid7.",
"sources": [
{
"db": "BID",
"id": "79863"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-301"
}
],
"trust": 0.9
},
"cve": "CVE-2016-2398",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2016-2398",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2016-00114",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2016-2398",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2398",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-2398",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2016-00114",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-326",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00114"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001001"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-326"
},
{
"db": "NVD",
"id": "CVE-2016-2398"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions. Comcast XFINITY Home Security does not fail securely, which may be leveraged to avoid triggering alarm events. Comcast XFINITY Home Security The system has a problem in handling when the wireless connection between the sensor and the base station is broken, which may intentionally interfere with alarm generation. CWE-636: Not Failing Securely (\u0027Failing Open\u0027) Comcast XFINITY Home Security Then, the frequency between the sensors and base stations that make up the system 2.4GHz , ZigBee We are communicating by protocol. Comcast XFINITY Home Security May not be alerted when wireless communication is interrupted, and it may take several minutes to several hours for communication to recover. Alerts will not occur while communication is interrupted. Therefore, by interfering with the wireless connection, Home Security It is possible to suppress the occurrence of alerts from. CWE-636: Not Failing Securely (\u0027Failing Open\u0027) https://cwe.mitre.org/data/definitions/636.html For more information, Rapid7 See the blog post. Rapid7 Blog posts https://community.rapid7.com/community/infosec/blog/2016/01/05/r7-2015-23-comcast-xfinity-home-security-system-insecure-fail-open In addition, National Vulnerability Database (NVD) CVE-2016-2398 Then CWE-254 It is published as CWE-254: Security Features ( Security function ) http://cwe.mitre.org/data/definitions/254.htmlAlert operation may be interrupted. The ComcastXfinity Home Security System is Comcast\u0027s smart home monitoring system solution that provides residential alarms and services such as cable, internet and telephone services. Comcast XFINITY Home Security is a complete home security system from Comcast. The system provides functions such as online access security monitoring. \nA denial of service vulnerability exists in Comcast XFINITY Home Security. An attacker could use this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2398"
},
{
"db": "CERT/CC",
"id": "VU#418072"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001001"
},
{
"db": "CNVD",
"id": "CNVD-2016-00114"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-301"
},
{
"db": "BID",
"id": "79863"
}
],
"trust": 3.69
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#418072",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2016-2398",
"trust": 2.7
},
{
"db": "BID",
"id": "79863",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU94556181",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001001",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-00114",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201601-301",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201602-326",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#418072"
},
{
"db": "CNVD",
"id": "CNVD-2016-00114"
},
{
"db": "BID",
"id": "79863"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001001"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-301"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-326"
},
{
"db": "NVD",
"id": "CVE-2016-2398"
}
]
},
"id": "VAR-201602-0124",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00114"
}
],
"trust": 1.475
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00114"
}
]
},
"last_update_date": "2025-04-13T23:23:41.438000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "XFINITY Home Security Systems",
"trust": 0.8,
"url": "http://www.xfinity.com/home-security"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001001"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001001"
},
{
"db": "NVD",
"id": "CVE-2016-2398"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.1,
"url": "https://community.rapid7.com/community/infosec/blog/2016/01/05/r7-2015-23-comcast-xfinity-home-security-system-insecure-fail-open"
},
{
"trust": 3.3,
"url": "http://www.kb.cert.org/vuls/id/418072"
},
{
"trust": 2.4,
"url": "http://www.wired.com/2016/01/xfinitys-security-system-flaws-open-homes-to-thieves/"
},
{
"trust": 0.8,
"url": "http://www.xfinity.com/home-security"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/636.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2398"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94556181/index.html"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2398"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/79863"
},
{
"trust": 0.3,
"url": "http://www.xfinity.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#418072"
},
{
"db": "CNVD",
"id": "CNVD-2016-00114"
},
{
"db": "BID",
"id": "79863"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001001"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-301"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-326"
},
{
"db": "NVD",
"id": "CVE-2016-2398"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#418072"
},
{
"db": "CNVD",
"id": "CNVD-2016-00114"
},
{
"db": "BID",
"id": "79863"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001001"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-301"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-326"
},
{
"db": "NVD",
"id": "CVE-2016-2398"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-05T00:00:00",
"db": "CERT/CC",
"id": "VU#418072"
},
{
"date": "2016-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00114"
},
{
"date": "2016-01-05T00:00:00",
"db": "BID",
"id": "79863"
},
{
"date": "2016-01-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001001"
},
{
"date": "2016-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-301"
},
{
"date": "2016-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-326"
},
{
"date": "2016-02-17T16:59:02.457000",
"db": "NVD",
"id": "CVE-2016-2398"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-05T00:00:00",
"db": "CERT/CC",
"id": "VU#418072"
},
{
"date": "2016-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00114"
},
{
"date": "2016-07-06T14:07:00",
"db": "BID",
"id": "79863"
},
{
"date": "2016-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001001"
},
{
"date": "2016-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-301"
},
{
"date": "2016-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-326"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-2398"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-301"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Comcast XFINITY Home Security Denial of Service Vulnerability",
"sources": [
{
"db": "BID",
"id": "79863"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-301"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-301"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-326"
}
],
"trust": 1.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…