CVE-2018-16225

{"id": "CVE-2018-16225", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-09-18T21:29:02.840", "references": [{"url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://seclists.org/fulldisclosure/2018/Sep/21", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera."}, {"lang": "es", "value": "QBee MultiSensor Camera hasta la versi\u00f3n 4.16.4 acepta tr\u00e1fico de red sin cifrar desde los clientes (como la aplicaci\u00f3n QBee Cam hasta la versi\u00f3n 1.0.5 para Android y la aplicaci\u00f3n Swisscom Home hasta la versi\u00f3n 10.7.2 para Android), lo que resulta en que un atacante pueda reutilizar cookies para omitir la autenticaci\u00f3n y deshabilitar la c\u00e1mara."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qbeecam:qbee_multi-sensor_camera_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5193FFC2-AFF6-46A8-9F6F-785702F652EA", "versionEndIncluding": "4.16.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qbeecam:qbee_multi-sensor_camera:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "15EC5FFE-F2D9-4E36-8734-5E394B4542DF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qbeecam:qbeecam:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "CEC017A4-F9D7-4302-87F5-2093381AB7EE", "versionEndIncluding": "1.0.5"}, {"criteria": "cpe:2.3:a:swisscom:swisscom_home_app:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "AC780856-A6C6-4D4C-9F38-4B8FCCBDE4F9", "versionEndIncluding": "10.7.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}