Vulnerability Description
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qbeecam | Qbee Multi-Sensor Camera Firmware | <= 4.16.4 |
| Qbeecam | Qbee Multi-Sensor Camera | - |
| Qbeecam | Qbeecam | <= 1.0.5 |
| Swisscom | Swisscom Home App | <= 10.7.2 |
Related Weaknesses (CWE)
References
- https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbeExploitThird Party Advisory
- https://seclists.org/fulldisclosure/2018/Sep/21Mailing ListThird Party Advisory
- https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbeExploitThird Party Advisory
- https://seclists.org/fulldisclosure/2018/Sep/21Mailing ListThird Party Advisory
FAQ
What is CVE-2018-16225?
CVE-2018-16225 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 f...
How severe is CVE-2018-16225?
CVE-2018-16225 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-16225?
Check the references section above for vendor advisories and patch information. Affected products include: Qbeecam Qbee Multi-Sensor Camera Firmware, Qbeecam Qbee Multi-Sensor Camera, Qbeecam Qbeecam, Swisscom Swisscom Home App.