CVE-2021-3577
12.11.2021, 22:15
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.
| Vendor | Product | Version |
|---|---|---|
| binatoneglobal | halo\+_camera_firmware | 𝑥 < 03.50.14 |
| binatoneglobal | comfort_85_connect_firmware | 𝑥 < 03.40.02 |
| binatoneglobal | mbp3855_firmware | 𝑥 < 03.40.00 |
| binatoneglobal | focus_68_firmware | - |
| binatoneglobal | focus_68_firmware | - |
| binatoneglobal | focus_72r_firmware | 𝑥 < 03.40.00 |
| binatoneglobal | focus_72r_firmware | 𝑥 < 03.40.00 |
| binatoneglobal | cn28_firmware | - |
| binatoneglobal | cn50_firmware | - |
| binatoneglobal | comfort_40_firmware | - |
| binatoneglobal | comfort_50_connect_firmware | - |
| binatoneglobal | mbp4855_firmware | - |
| binatoneglobal | mbp3667_firmware | - |
| binatoneglobal | mbp669_connect_firmware | - |
| binatoneglobal | lux_64_firmware | - |
| binatoneglobal | lux_65_firmware | - |
| binatoneglobal | connect_view_65_firmware | - |
| binatoneglobal | lux_85_connect_firmware | - |
| binatoneglobal | ease44_firmware | - |
| binatoneglobal | connect_20_firmware | - |
| binatoneglobal | mbp6855_firmware | - |
| binatoneglobal | cn40_firmware | - |
| binatoneglobal | cn75_firmware | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.