QBee MultiSensor Camera 4.16.4 Cookie Reuse

QBee MultiSensor Camera 4.16.4 Cookie Reuse: Posted Sep 18, 2018; Authored by Francesco Servida; QBee MultiSensor Camera versions through 4.16.4 suffer from a cookie reuse vulnerability. Swisscom Home App products are also affected.; tags | advisory; advisories | CVE-2018-16225; SHA-256 | 395cd48b4a5259628c5c2ef65d18f9ea29602caac6159d66264f973c1064f529; Download | Favorite | View

QBee MultiSensor Camera 4.16.4 Cookie Reuse

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.
 
[VulnerabilityType Other]
 Auth bypass using cookie
 
[Vendor of Product]
 QBee, Vestiacom, Swisscom
 
[Affected Product Code Base]
 QBee MultiSensor Camera <= 4.16.4
 QBee Cam (Android) <= 1.0.5 (Fixed version number not yet available)
 QBee Cam (iOS) < 1.5.2
 Swisscom Home App (Android) < 10.7.2
 Swisscom Home App (iOS) < 10.9.0
 
[Affected Component]
 Network Traffic
 
[Attack Type]
 Remote
 
[Impact Denial of Service]
 true
 
[Impact Information Disclosure]
 true
 
[Attack Vectors]
 Reuse of intercepted cookies to authorize requests to camera and disable it
 
[Has vendor confirmed or acknowledged the vulnerability?]
 true
 
[Discoverer]
 Francesco Servida (University of Lausanne)
 
[Reference]
 https://francescoservida.ch/
 https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability
 https://unil.ch/esc/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE1d1OaNNWm59k5XpArHdrFWRKXbEFAlueyQcACgkQrHdrFWRK
XbHlXA/+MwKRO1X7s85ViBEo0gaMNI2GIxioAwi7Hoqkn+jEEefBAkGLFy02F+MS
6i8f1C+AU88BJroihmuBhFklg6/d5qilQrym40MN2/qmr8g2ba7mayZxzRoa4jOn
JAggmnLbv0ODV0aIJpWWWDOgLNyZgn2ZfBt7glnSifJ4TTNJUN0xNGUcsYCAfbjo
zDjJknPFimxaM0ECJpNWMTMH2z8FJD8Cfb6uQjC9ZR6yy3Gd/xyyesyjcIf7L/56
bkVQUmzI3xLKIAISQ2WbqaMLemds69rWV3ePwrdyziUbkxflW0pKK9ObzcpoFkRD
fOZvqPgvkbBpFyE2xbImqqHtgwYiI27oXPJyc183mrR3XTbfFfOuXwDJSrNYPTyp
ZQwWyFAr25VqJriq4mfvr643U2ejexblwTi5Rnekf0spF2sFkjZGk1HLu095Yzx3
wThFmj8U8U/MyiUdRC8eW6Q/G0xw4lhqtQA8lxo5k7AOF9AkVImtYqk506Lx1JU8
LbJqy/3EoJleva5BWdBgTjH99zmbOHuvyGZRR8oNKDTBEUY3X2RnVeA3QUrhkEl5
Dgn1mJ/2Ztwyun6X3VcFoRQTAaHqfBb17EYzlE+92cU6SYxaFALO7PUBN/UUDIks
Gd6uuT5pJB2P/RrPEqAp2vjqgwNXQuarp44oPXAsriWRwEzeUbg=
=pHaV
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

QBee MultiSensor Camera 4.16.4 Cookie Reuse

QBee MultiSensor Camera 4.16.4 Cookie Reuse

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

QBee MultiSensor Camera 4.16.4 Cookie Reuse

Share This

QBee MultiSensor Camera 4.16.4 Cookie Reuse

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems