CVE-2017-8403

HIGH

360fly 4K Camera Firmware - Authentication Bypass

Title source: rule

Description

360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application, or the BlueZ gatttool program.

References (1)

[Technical Description] https://www.slideshare.net/fuguet/bluediot-when-a-mature-and-immature-technology-mixes-becomes-an-idiot-situation-75529672

Scores

CVSS v3 8.8

EPSS 0.0011

EPSS Percentile 29.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-287

Status draft

Affected Products (1)

360fly/4k_camera_firmware

Timeline

Published May 01, 2017

Tracked Since Feb 18, 2026