VAR-201811-0326
Vulnerability from variot - Updated: 2024-11-23 22:21Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device. iSmartAlarm Cube One Contains an information disclosure vulnerability.Information may be obtained. iSmartAlarm Cube One is a smart home control device from iSmartAlarm. The vulnerability stems from the program failing to perform proper access control. Sensitive information. Multiple vulnerabilities have been identified in the QBee Camera (CVE-2018-16223) and iSmartAlarm devices (CVE-2018-16222 & CVE-2018-16224) and/or companion applications.
https://blog.francescoservida.ch/2018/10/31/cve-2018-16222-to-16225-multiple-vulnerabilities-in-qbee-and-ismartalarm-products/
CVE-2018-16222
CVSS: 6.4 - AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Cleartext Storage of credentials in the iSmartAlermData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. [VulnerabilityType Other] Cleartext Storage in a File or on Disk [Vendor of Product] iSmartAlarm [Affected Product Code Base] iSmartAlarm - <= 2.0.8 [Affected Component] iSmartAlermData.xml [Attack Type] Physical [Impact Information Disclosure] true [Attack Vectors] Extraction of iSmartAlermData.xml by any mean [Has vendor confirmed or acknowledged the vulnerability?] True
CVE-2018-16223
CVSS: 6.4 - AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password. [Vulnerability Type] Incorrect Access Control [Vendor of Product] iSmartAlarm [Affected Product Code Base] iSmartAlarm Cube One - <= 2.2.4.10 (Fixed version number not yet available) [Affected Component] Network Traffic, Diagnostic Informations [Attack Type] Remote [Impact Information Disclosure] true [Attack Vectors] A carefully crafted TCP request to port 12345 et 22306 [Has vendor confirmed or acknowledged the vulnerability?] true
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0326",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cubeone",
"scope": "lte",
"trust": 1.0,
"vendor": "ismartalarm",
"version": "2.2.4.10"
},
{
"model": "cubeone",
"scope": "lte",
"trust": 0.8,
"vendor": "ismart alarm",
"version": "2.2.4.10"
},
{
"model": "cube one",
"scope": "lte",
"trust": 0.6,
"vendor": "ismartalarm",
"version": "\u003c=2.2.4.10"
},
{
"model": "cubeone",
"scope": "eq",
"trust": 0.6,
"vendor": "ismartalarm",
"version": "2.2.4.10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05541"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012348"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-086"
},
{
"db": "NVD",
"id": "CVE-2018-16224"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ismartalarm:cube_one_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012348"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Francesco Servida",
"sources": [
{
"db": "PACKETSTORM",
"id": "150165"
}
],
"trust": 0.1
},
"cve": "CVE-2018-16224",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-16224",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-05541",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-126562",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2018-16224",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-16224",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-16224",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-05541",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-086",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-126562",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05541"
},
{
"db": "VULHUB",
"id": "VHN-126562"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012348"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-086"
},
{
"db": "NVD",
"id": "CVE-2018-16224"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device. iSmartAlarm Cube One Contains an information disclosure vulnerability.Information may be obtained. iSmartAlarm Cube One is a smart home control device from iSmartAlarm. The vulnerability stems from the program failing to perform proper access control. Sensitive information. Multiple vulnerabilities have been identified in the QBee Camera (CVE-2018-16223) and iSmartAlarm devices (CVE-2018-16222 \u0026 CVE-2018-16224) and/or companion applications. \n\nhttps://blog.francescoservida.ch/2018/10/31/cve-2018-16222-to-16225-multiple-vulnerabilities-in-qbee-and-ismartalarm-products/\n\n# CVE-2018-16222\n###############\n\nCVSS: 6.4 - AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n\nCleartext Storage of credentials in the iSmartAlermData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. \n[VulnerabilityType Other]\n Cleartext Storage in a File or on Disk\n[Vendor of Product]\n iSmartAlarm\n[Affected Product Code Base]\n iSmartAlarm - \u003c= 2.0.8\n[Affected Component]\n iSmartAlermData.xml\n[Attack Type]\n Physical\n[Impact Information Disclosure]\n true\n[Attack Vectors]\n Extraction of iSmartAlermData.xml by any mean\n[Has vendor confirmed or acknowledged the vulnerability?]\n True\n\n\n# CVE-2018-16223\n###############\n\nCVSS: 6.4 - AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n\nInsecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password. \n[Vulnerability Type]\n Incorrect Access Control\n[Vendor of Product]\n iSmartAlarm\n[Affected Product Code Base]\n iSmartAlarm Cube One - \u003c= 2.2.4.10 (Fixed version number not yet available)\n[Affected Component]\n Network Traffic, Diagnostic Informations\n[Attack Type]\n Remote\n[Impact Information Disclosure]\n true\n[Attack Vectors]\n A carefully crafted TCP request to port 12345 et 22306\n[Has vendor confirmed or acknowledged the vulnerability?]\n true\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16224"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012348"
},
{
"db": "CNVD",
"id": "CNVD-2019-05541"
},
{
"db": "VULHUB",
"id": "VHN-126562"
},
{
"db": "PACKETSTORM",
"id": "150165"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16224",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "150165",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012348",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201811-086",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-05541",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-126562",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05541"
},
{
"db": "VULHUB",
"id": "VHN-126562"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012348"
},
{
"db": "PACKETSTORM",
"id": "150165"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-086"
},
{
"db": "NVD",
"id": "CVE-2018-16224"
}
]
},
"id": "VAR-201811-0326",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05541"
},
{
"db": "VULHUB",
"id": "VHN-126562"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05541"
}
]
},
"last_update_date": "2024-11-23T22:21:53.888000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.ismartalarm.com/"
},
{
"title": "Patch for iSmartAlarm Cube One Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/154707"
},
{
"title": "iSmartAlarm Cube One Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86608"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05541"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012348"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-086"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126562"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012348"
},
{
"db": "NVD",
"id": "CVE-2018-16224"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/150165/qbee-camera-ismartalarm-credential-disclosure.html"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2018/nov/2"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16224"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16224"
},
{
"trust": 0.1,
"url": "https://blog.francescoservida.ch/2018/10/31/cve-2018-16222-to-16225-multiple-vulnerabilities-in-qbee-and-ismartalarm-products/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16223"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05541"
},
{
"db": "VULHUB",
"id": "VHN-126562"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012348"
},
{
"db": "PACKETSTORM",
"id": "150165"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-086"
},
{
"db": "NVD",
"id": "CVE-2018-16224"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-05541"
},
{
"db": "VULHUB",
"id": "VHN-126562"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012348"
},
{
"db": "PACKETSTORM",
"id": "150165"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-086"
},
{
"db": "NVD",
"id": "CVE-2018-16224"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-05541"
},
{
"date": "2018-11-20T00:00:00",
"db": "VULHUB",
"id": "VHN-126562"
},
{
"date": "2019-02-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012348"
},
{
"date": "2018-11-05T20:47:02",
"db": "PACKETSTORM",
"id": "150165"
},
{
"date": "2018-11-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-086"
},
{
"date": "2018-11-20T19:29:00.557000",
"db": "NVD",
"id": "CVE-2018-16224"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-05541"
},
{
"date": "2018-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-126562"
},
{
"date": "2019-02-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012348"
},
{
"date": "2018-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-086"
},
{
"date": "2024-11-21T03:52:19.097000",
"db": "NVD",
"id": "CVE-2018-16224"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-086"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iSmartAlarm Cube One Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05541"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-086"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-086"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…