ID

VAR-201811-0326


CVE

CVE-2018-16224


TITLE

iSmartAlarm Cube One Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-05541 // CNNVD: CNNVD-201811-086

DESCRIPTION

Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device. iSmartAlarm Cube One contains an information disclosure vulnerability. Information may be obtained. iSmartAlarm Cube One is a smart home control device from iSmartAlarm. The vulnerability stems from the program failing to perform proper access control. Sensitive information.

Multiple vulnerabilities have been identified in the QBee Camera (CVE-2018-16223) and iSmartAlarm devices (CVE-2018-16222 & CVE-2018-16224) and/or companion applications.
https://blog.francescoservida.ch/2018/10/31/cve-2018-16222-to-16225-multiple-vulnerabilities-in-qbee-and-ismartalarm-products/

# CVE-2018-16222 ###############
CVSS: 6.4 - AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Cleartext Storage of credentials in the iSmartAlermData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password.
[VulnerabilityType Other] Cleartext Storage in a File or on Disk
[Vendor of Product] iSmartAlarm
[Affected Product Code Base] iSmartAlarm - <= 2.0.8
[Affected Component] iSmartAlermData.xml
[Attack Type] Physical
[Impact Information Disclosure] true
[Attack Vectors] Extraction of iSmartAlermData.xml by any means
[Has vendor confirmed or acknowledged the vulnerability?] True

# CVE-2018-16223 ###############
CVSS: 6.4 - AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.

[Vulnerability Type] Incorrect Access Control
[Vendor of Product] iSmartAlarm
[Affected Product Code Base] iSmartAlarm Cube One - <= 2.2.4.10 (Fixed version number not yet available)
[Affected Component] Network Traffic, Diagnostic Information
[Attack Type] Remote
[Impact Information Disclosure] true
[Attack Vectors] A carefully crafted TCP request to port 12345 and 22306
[Has vendor confirmed or acknowledged the vulnerability?] true

Trust: 2.34

sources: NVD: CVE-2018-16224 // JVNDB: JVNDB-2018-012348 // CNVD: CNVD-2019-05541 // VULHUB: VHN-126562 // PACKETSTORM: 150165

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-05541

AFFECTED PRODUCTS

vendor: ismartalarm, model: cubeone, scope: lte, version: 2.2.4.10

Trust: 1.0

vendor: ismart alarm, model: cubeone, scope: lte, version: 2.2.4.10

Trust: 0.8

vendor: ismartalarm, model: cube one, scope: lte, version: <=2.2.4.10

Trust: 0.6

vendor: ismartalarm, model: cubeone, scope: eq, version: 2.2.4.10

Trust: 0.6

sources: CNVD: CNVD-2019-05541 // JVNDB: JVNDB-2018-012348 // CNNVD: CNNVD-201811-086 // NVD: CVE-2018-16224

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16224
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-16224
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-05541
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201811-086
value: MEDIUM

Trust: 0.6

VULHUB: VHN-126562
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-16224
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-05541
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-126562
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16224
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-05541 // VULHUB: VHN-126562 // JVNDB: JVNDB-2018-012348 // CNNVD: CNNVD-201811-086 // NVD: CVE-2018-16224

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-126562 // JVNDB: JVNDB-2018-012348 // NVD: CVE-2018-16224

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-086

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201811-086

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012348

PATCH

title: Top Page, url: https://www.ismartalarm.com/

Trust: 0.8

title: Patch for iSmartAlarm Cube One Information Disclosure Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/154707

Trust: 0.6

title: iSmartAlarm Cube One Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86608

Trust: 0.6

sources: CNVD: CNVD-2019-05541 // JVNDB: JVNDB-2018-012348 // CNNVD: CNNVD-201811-086

EXTERNAL IDS

db: NVD, id: CVE-2018-16224

Trust: 3.2

db: PACKETSTORM, id: 150165

Trust: 2.6

db: JVNDB, id: JVNDB-2018-012348

Trust: 0.8

db: CNNVD, id: CNNVD-201811-086

Trust: 0.7

db: CNVD, id: CNVD-2019-05541

Trust: 0.6

db: VULHUB, id: VHN-126562

Trust: 0.1

sources: CNVD: CNVD-2019-05541 // VULHUB: VHN-126562 // JVNDB: JVNDB-2018-012348 // PACKETSTORM: 150165 // CNNVD: CNNVD-201811-086 // NVD: CVE-2018-16224

REFERENCES

url:http://packetstormsecurity.com/files/150165/qbee-camera-ismartalarm-credential-disclosure.html

Trust: 2.5

url:http://seclists.org/fulldisclosure/2018/nov/2

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-16224

Trust: 1.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16224

Trust: 0.8

url:https://blog.francescoservida.ch/2018/10/31/cve-2018-16222-to-16225-multiple-vulnerabilities-in-qbee-and-ismartalarm-products/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16223

Trust: 0.1

sources: CNVD: CNVD-2019-05541 // VULHUB: VHN-126562 // JVNDB: JVNDB-2018-012348 // PACKETSTORM: 150165 // CNNVD: CNNVD-201811-086 // NVD: CVE-2018-16224

CREDITS

Francesco Servida

Trust: 0.1

sources: PACKETSTORM: 150165

SOURCES

db: CNVD, id: CNVD-2019-05541
db: VULHUB, id: VHN-126562
db: JVNDB, id: JVNDB-2018-012348
db: PACKETSTORM, id: 150165
db: CNNVD, id: CNNVD-201811-086
db: NVD, id: CVE-2018-16224

LAST UPDATE DATE

2024-11-23T22:21:53.888000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-05541, date: 2019-09-26T00:00:00
db: VULHUB, id: VHN-126562, date: 2018-12-20T00:00:00
db: JVNDB, id: JVNDB-2018-012348, date: 2019-02-01T00:00:00
db: CNNVD, id: CNNVD-201811-086, date: 2018-11-23T00:00:00
db: NVD, id: CVE-2018-16224, date: 2024-11-21T03:52:19.097

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-05541, date: 2019-02-27T00:00:00
db: VULHUB, id: VHN-126562, date: 2018-11-20T00:00:00
db: JVNDB, id: JVNDB-2018-012348, date: 2019-02-01T00:00:00
db: PACKETSTORM, id: 150165, date: 2018-11-05T20:47:02
db: CNNVD, id: CNNVD-201811-086, date: 2018-11-06T00:00:00
db: NVD, id: CVE-2018-16224, date: 2018-11-20T19:29:00.557