CVE-2021-3789
12.11.2021, 22:15
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.Enginsight
| Vendor | Product | Version |
|---|---|---|
| binatoneglobal | halo\+_camera_firmware | 𝑥 < 03.50.14 |
| binatoneglobal | comfort_85_connect_firmware | 𝑥 < 03.40.02 |
| binatoneglobal | mbp3855_firmware | 𝑥 < 03.40.00 |
| binatoneglobal | focus_68_firmware | - |
| binatoneglobal | focus_68_firmware | - |
| binatoneglobal | focus_72r_firmware | 𝑥 < 03.40.00 |
| binatoneglobal | focus_72r_firmware | 𝑥 < 03.40.00 |
| binatoneglobal | cn28_firmware | - |
| binatoneglobal | cn50_firmware | - |
| binatoneglobal | comfort_40_firmware | - |
| binatoneglobal | comfort_50_connect_firmware | - |
| binatoneglobal | mbp4855_firmware | - |
| binatoneglobal | mbp3667_firmware | - |
| binatoneglobal | mbp669_connect_firmware | - |
| binatoneglobal | lux_64_firmware | - |
| binatoneglobal | lux_65_firmware | - |
| binatoneglobal | connect_view_65_firmware | - |
| binatoneglobal | lux_85_connect_firmware | - |
| binatoneglobal | ease44_firmware | - |
| binatoneglobal | connect_20_firmware | - |
| binatoneglobal | mbp6855_firmware | - |
| binatoneglobal | cn40_firmware | - |
| binatoneglobal | cn75_firmware | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
- CWE-326 - Inadequate Encryption StrengthThe software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.