CVE-2018-16225
CVE-2018-16225 is a vulnerability of currently unknown severity. The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera. EPSS estimates a 0.62% chance of exploitation in the next 30 days.
Description
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qbeecam | Qbee Multi-Sensor Camera Firmware | <= 4.16.4 |
| Qbeecam | Qbeecam | <= 1.0.5 |
| Swisscom | Swisscom Home App | <= 10.7.2 |
References
- https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/ (Exploit, Third Party Advisory)
- https://seclists.org/fulldisclosure/2018/Sep/21 (Mailing List, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
