CVE-2018-16222

MEDIUM

Ismartalarm < 2.0.8 - Insufficiently Protected Credentials

Title source: rule

Description

Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password.

References (2)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/Nov/2

Scores

CVSS v3 6.8

EPSS 0.0008

EPSS Percentile 22.7%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

ismartalarm/ismartalarm < 2.0.8

Timeline

Published Nov 20, 2018

Tracked Since Feb 18, 2026