ID

VAR-201809-0909


CVE

CVE-2018-16225


TITLE

QBee MultiSensor Camera Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011476

DESCRIPTION

The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera. QBee MultiSensor Camera contains an authentication vulnerability. The device may be put into a denial-of-service (DoS) state. Askey QBee MultiSensor Camera is a smart camera product of Askey Computer Company. A security vulnerability exists in Askey QBee MultiSensor Camera 4.16.4 and earlier versions. An attacker could exploit this vulnerability to reuse cookies, thereby bypassing authentication and disabling the camera.

[VulnerabilityType Other] Auth bypass using cookie
[Vendor of Product] QBee, Vestiacom, Swisscom
[Affected Product Code Base]
QBee MultiSensor Camera <= 4.16.4
QBee Cam (Android) <= 1.0.5 (Fixed version number not yet available)
QBee Cam (iOS) < 1.5.2
Swisscom Home App (Android) < 10.7.2
Swisscom Home App (iOS) < 10.9.0
[Affected Component] Network Traffic
[Attack Type] Remote
[Impact Denial of Service] true
[Impact Information Disclosure] true
[Attack Vectors] Reuse of intercepted cookies to authorize requests to camera and disable it
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Francesco Servida (University of Lausanne)
[Reference]
https://francescoservida.ch/
https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability
https://unil.ch/esc/

Trust: 1.8

sources: NVD: CVE-2018-16225 // JVNDB: JVNDB-2018-011476 // VULHUB: VHN-126563 // PACKETSTORM: 149413

IOT TAXONOMY

category: ['camera device'], sub_category: camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: swisscom, model: home app, scope: lte, version: 10.7.2

Trust: 1.8

vendor: qbeecam, model: qbeecam, scope: lte, version: 1.0.5

Trust: 1.0

vendor: qbeecam, model: qbee multi-sensor camera, scope: lte, version: 4.16.4

Trust: 1.0

vendor: qbee cam, model: qbee cam, scope: lte, version: 1.0.5

Trust: 0.8

vendor: qbee cam, model: multi-sensor camera, scope: lte, version: 4.16.4

Trust: 0.8

vendor: swisscom, model: home app, scope: eq, version: 10.7.2

Trust: 0.6

sources: JVNDB: JVNDB-2018-011476 // CNNVD: CNNVD-201809-797 // NVD: CVE-2018-16225

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16225
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-16225
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201809-797
value: MEDIUM

Trust: 0.6

VULHUB: VHN-126563
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-16225
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-126563
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16225
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-126563 // JVNDB: JVNDB-2018-011476 // CNNVD: CNNVD-201809-797 // NVD: CVE-2018-16225

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.1

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-126563 // JVNDB: JVNDB-2018-011476 // NVD: CVE-2018-16225

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201809-797

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201809-797

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011476

PATCH

title: Top Page, url: http://qbeecam.com/

Trust: 0.8

title: Swisscom Home App, url: https://www.swisscom.ch/en/residential/mobile/additional-services/apps/home-app.html

Trust: 0.8

title: Askey QBee MultiSensor Camera Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84940

Trust: 0.6

sources: JVNDB: JVNDB-2018-011476 // CNNVD: CNNVD-201809-797

EXTERNAL IDS

db: NVD, id: CVE-2018-16225

Trust: 2.7

db: JVNDB, id: JVNDB-2018-011476

Trust: 0.8

db: CNNVD, id: CNNVD-201809-797

Trust: 0.7

db: PACKETSTORM, id: 149413

Trust: 0.2

db: OTHER, id: NONE

Trust: 0.1

db: VULHUB, id: VHN-126563

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-126563 // JVNDB: JVNDB-2018-011476 // PACKETSTORM: 149413 // CNNVD: CNNVD-201809-797 // NVD: CVE-2018-16225

REFERENCES

url:https://seclists.org/fulldisclosure/2018/sep/21

Trust: 2.5

url:https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-16225

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16225

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability

Trust: 0.1

url:https://francescoservida.ch/

Trust: 0.1

url:https://unil.ch/esc/

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-126563 // JVNDB: JVNDB-2018-011476 // PACKETSTORM: 149413 // CNNVD: CNNVD-201809-797 // NVD: CVE-2018-16225

CREDITS

Francesco Servida

Trust: 0.1

sources: PACKETSTORM: 149413

SOURCES

db: OTHER, id: -
db: VULHUB, id: VHN-126563
db: JVNDB, id: JVNDB-2018-011476
db: PACKETSTORM, id: 149413
db: CNNVD, id: CNNVD-201809-797
db: NVD, id: CVE-2018-16225

LAST UPDATE DATE

2025-01-30T21:06:42.881000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-126563, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2018-011476, date: 2019-01-15T00:00:00
db: CNNVD, id: CNNVD-201809-797, date: 2020-10-22T00:00:00
db: NVD, id: CVE-2018-16225, date: 2024-11-21T03:52:19.257

SOURCES RELEASE DATE

db: VULHUB, id: VHN-126563, date: 2018-09-18T00:00:00
db: JVNDB, id: JVNDB-2018-011476, date: 2019-01-15T00:00:00
db: PACKETSTORM, id: 149413, date: 2018-09-18T01:01:11
db: CNNVD, id: CNNVD-201809-797, date: 2018-09-19T00:00:00
db: NVD, id: CVE-2018-16225, date: 2018-09-18T21:29:02.840