QBee MultiSensor Camera 4.16.4 Cookie Reuse

2018.09.18

Credit: Francesco Servida

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.
[VulnerabilityType Other]
Auth bypass using cookie
[Vendor of Product]
QBee, Vestiacom, Swisscom
[Affected Product Code Base]
QBee MultiSensor Camera <= 4.16.4
QBee Cam (Android) <= 1.0.5 (Fixed version number not yet available)
QBee Cam (iOS) < 1.5.2
Swisscom Home App (Android) < 10.7.2
Swisscom Home App (iOS) < 10.9.0
[Affected Component]
Network Traffic
[Attack Type]
Remote
[Impact Denial of Service]
true
[Impact Information Disclosure]
true
[Attack Vectors]
Reuse of intercepted cookies to authorize requests to camera and disable it
[Has vendor confirmed or acknowledged the vulnerability?]
true
[Discoverer]
Francesco Servida (University of Lausanne)
[Reference]
https://francescoservida.ch/
https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability
https://unil.ch/esc/

References:

https://francescoservida.ch/

https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability

https://unil.ch/esc/

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

QBee MultiSensor Camera 4.16.4 Cookie Reuse

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.