[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] [CVE-2018-16222 to 16225] Multiple Vulnerabilities in QBee and iSmartAlarm Products
From: Francesco Servida <francesco.servida () unil ! ch>
Date: 2018-10-31 18:25:27
Message-ID: AEAAB493-3EBC-4BD9-9397-960B740177B2 () unil ! ch
[Download RAW message or body]
Multiple vulnerabilities have been identified in the QBee Camera (CVE-2018-16223) and \
iSmartAlarm devices (CVE-2018-16222 & CVE-2018-16224) and/or companion applications.
https://blog.francescoservida.ch/2018/10/31/cve-2018-16222-to-16225-multiple-vulnerabilities-in-qbee-and-ismartalarm-products/
# CVE-2018-16222
###############
CVSS: 6.4 - AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Cleartext Storage of credentials in the iSmartAlermData.xml configuration file in the \
iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username \
and password. [VulnerabilityType Other]
Cleartext Storage in a File or on Disk
[Vendor of Product]
iSmartAlarm
[Affected Product Code Base]
iSmartAlarm - <= 2.0.8
[Affected Component]
iSmartAlermData.xml
[Attack Type]
Physical
[Impact Information Disclosure]
true
[Attack Vectors]
Extraction of iSmartAlermData.xml by any mean
[Has vendor confirmed or acknowledged the vulnerability?]
True
# CVE-2018-16223
###############
CVSS: 6.4 - AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in \
the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username \
and password. [VulnerabilityType Other]
Insecure Cryptographic Storage
[Vendor of Product]
Vestiacom
[Affected Product Code Base]
QBee Cam (Android) - <= 1.0.5
[Affected Component]
com.vestiacom.qbeecamera_preferences.xml, secure_preferences library
[Attack Type]
Physical
[Impact Information Disclosure]
true
[Attack Vectors]
Extraction of com.vestiacom.qbeecamera_preferences.xml file by any mean
[Has vendor confirmed or acknowledged the vulnerability?]
true
# CVE-2018-16224
###############
CVSS: 4.3 - AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 \
allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and \
22306, and access sensitive information from the device. [Vulnerability Type]
Incorrect Access Control
[Vendor of Product]
iSmartAlarm
[Affected Product Code Base]
iSmartAlarm Cube One - <= 2.2.4.10 (Fixed version number not yet available)
[Affected Component]
Network Traffic, Diagnostic Informations
[Attack Type]
Remote
[Impact Information Disclosure]
true
[Attack Vectors]
A carefully crafted TCP request to port 12345 et 22306
[Has vendor confirmed or acknowledged the vulnerability?]
true
["smime.p7s" (application/pkcs7-signature)]
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
--===============4235166762634890367==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic