CVE-2017-8403
HIGH360fly 4K Camera Firmware 2.1.4 - Unauthenticated Wi-Fi Password Change via BLE Pairing
Title source: llmDescription
360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application, or the BlueZ gatttool program.
References (1)
Core 1
Core References
Technical Description x_refsource_misc
https://www.slideshare.net/fuguet/bluediot-when-a-mature-and-immature-technology-mixes-becomes-an-idiot-situation-75529672
Scores
CVSS v3
8.8
EPSS
0.0081
EPSS Percentile
52.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
360fly/4k_camera_firmware
2.1.4
Published
May 01, 2017
Tracked Since
Feb 18, 2026