Cleartext storage of credentials in the iSmartAlermData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. Insecure cryptographic storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password. Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.
d563070f90b89436eb2c6f216fcab2f75a1e9b175eab98ac4ca00e526a5582cf
QBee MultiSensor Camera versions through 4.16.4 suffer from a cookie reuse vulnerability. Swisscom Home App products are also affected.
395cd48b4a5259628c5c2ef65d18f9ea29602caac6159d66264f973c1064f529