Sign-up

ID

VAR-202004-2187


CVE

CVE-2019-17101


TITLE

Netatmo Smart Indoor Camera Injection vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015479

DESCRIPTION

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions. Netatmo Smart Indoor Camera There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Attackers can use this vulnerability to execute commands

Trust: 2.25

sources: NVD: CVE-2019-17101 // JVNDB: JVNDB-2019-015479 // CNVD: CNVD-2020-33336 // VULMON: CVE-2019-17101

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

category:['camera device']sub_category:indoor camera

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-33336

AFFECTED PRODUCTS

vendor:netatmomodel:smart indoor camerascope: - version: -

Trust: 1.4

vendor:netatmomodel:smart indoor camerascope:ltversion:4.2.5

Trust: 1.0

sources: CNVD: CNVD-2020-33336 // JVNDB: JVNDB-2019-015479 // NVD: CVE-2019-17101

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-17101
value: MEDIUM

Trust: 1.0

cve-requests@bitdefender.com: CVE-2019-17101
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015479
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-33336
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-2008
value: MEDIUM

Trust: 0.6

VULMON: CVE-2019-17101
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-17101
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015479
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-33336
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-17101
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve-requests@bitdefender.com: CVE-2019-17101
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.5
impactScore: 3.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015479
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-33336 // VULMON: CVE-2019-17101 // JVNDB: JVNDB-2019-015479 // CNNVD: CNNVD-202004-2008 // NVD: CVE-2019-17101 // NVD: CVE-2019-17101

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-74

Trust: 0.8

sources: JVNDB: JVNDB-2019-015479 // NVD: CVE-2019-17101

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2008

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-2008

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015479

PATCH
title:Top Pageurl:https://www.netatmo.com/en-us
Trust: 0.8
title:Patch for Netatmo Smart Indoor Camera injection vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/221869
Trust: 0.6
title:Netatmo Smart Indoor Camera Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116768
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-33336 // 
            
            
            
            JVNDB: JVNDB-2019-015479 // 
            
            
            
            CNNVD: CNNVD-202004-2008

EXTERNAL IDS
db:NVDid:CVE-2019-17101
Trust: 3.2
db:JVNDBid:JVNDB-2019-015479
Trust: 0.8
db:CNVDid:CNVD-2020-33336
Trust: 0.6
db:CNNVDid:CNNVD-202004-2008
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:VULMONid:CVE-2019-17101
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2020-33336 // 
            
            
            
            VULMON: CVE-2019-17101 // 
            
            
            
            JVNDB: JVNDB-2019-015479 // 
            
            
            
            CNNVD: CNNVD-202004-2008 // 
            
            
            
            NVD: CVE-2019-17101

REFERENCES
url:https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-17101
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17101
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/77.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2020-33336 // 
            
            
            
            VULMON: CVE-2019-17101 // 
            
            
            
            JVNDB: JVNDB-2019-015479 // 
            
            
            
            CNNVD: CNNVD-202004-2008 // 
            
            
            
            NVD: CVE-2019-17101

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2020-33336
db:VULMONid:CVE-2019-17101
db:JVNDBid:JVNDB-2019-015479
db:CNNVDid:CNNVD-202004-2008
db:NVDid:CVE-2019-17101

LAST UPDATE DATE
2025-01-30T22:04:29.695000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-33336date:2020-06-16T00:00:00
db:VULMONid:CVE-2019-17101date:2021-10-29T00:00:00
db:JVNDBid:JVNDB-2019-015479date:2020-05-25T00:00:00
db:CNNVDid:CNNVD-202004-2008date:2021-11-02T00:00:00
db:NVDid:CVE-2019-17101date:2024-11-21T04:31:41.627

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-33336date:2020-06-16T00:00:00
db:VULMONid:CVE-2019-17101date:2020-04-23T00:00:00
db:JVNDBid:JVNDB-2019-015479date:2020-05-25T00:00:00
db:CNNVDid:CNNVD-202004-2008date:2020-04-23T00:00:00
db:NVDid:CVE-2019-17101date:2020-04-23T19:15:12.607