lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <AEAAB493-3EBC-4BD9-9397-960B740177B2@unil.ch>
Date: Wed, 31 Oct 2018 18:25:27 +0000
From: Francesco Servida <francesco.servida@...l.ch>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] [CVE-2018-16222 to 16225] Multiple Vulnerabilities in QBee and
 iSmartAlarm Products

Multiple vulnerabilities have been identified in the QBee Camera (CVE-2018-16223) and iSmartAlarm devices (CVE-2018-16222 & CVE-2018-16224)  and/or companion applications.

https://blog.francescoservida.ch/2018/10/31/cve-2018-16222-to-16225-multiple-vulnerabilities-in-qbee-and-ismartalarm-products/

# CVE-2018-16222
###############

CVSS: 6.4 - AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Cleartext Storage of credentials in the iSmartAlermData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password.
[VulnerabilityType Other]
 Cleartext Storage in a File or on Disk
[Vendor of Product]
 iSmartAlarm
[Affected Product Code Base]
 iSmartAlarm - <= 2.0.8
[Affected Component]
 iSmartAlermData.xml
[Attack Type]
 Physical
[Impact Information Disclosure]
 true
[Attack Vectors]
 Extraction of iSmartAlermData.xml by any mean
[Has vendor confirmed or acknowledged the vulnerability?]
 True


# CVE-2018-16223
###############

CVSS: 6.4 - AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.
[VulnerabilityType Other]
 Insecure Cryptographic Storage
[Vendor of Product]
 Vestiacom
[Affected Product Code Base]
 QBee Cam (Android) - <= 1.0.5
[Affected Component]
 com.vestiacom.qbeecamera_preferences.xml, secure_preferences library
[Attack Type]
 Physical
[Impact Information Disclosure]
 true
[Attack Vectors]
 Extraction of com.vestiacom.qbeecamera_preferences.xml file by any mean
[Has vendor confirmed or acknowledged the vulnerability?]
 true


# CVE-2018-16224
###############

CVSS: 4.3 - AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.
[Vulnerability Type]
 Incorrect Access Control
[Vendor of Product]
 iSmartAlarm
[Affected Product Code Base]
 iSmartAlarm Cube One - <= 2.2.4.10 (Fixed version number not yet available)
[Affected Component]
 Network Traffic, Diagnostic Informations
[Attack Type]
 Remote
[Impact Information Disclosure]
 true
[Attack Vectors]
 A carefully crafted TCP request to port 12345 et 22306
[Has vendor confirmed or acknowledged the vulnerability?]
 true

Download attachment "smime.p7s" of type "application/pkcs7-signature" (5004 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ