CVE-2018-16223

CRITICAL

Qbeecam < 1.0.5 - Insufficiently Protected Credentials

Title source: rule

Description

Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.

References (2)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/Nov/2

Scores

CVSS v3 9.8

EPSS 0.0070

EPSS Percentile 71.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

qbeecam/qbeecam < 1.0.5

Timeline

Published Nov 20, 2018

Tracked Since Feb 18, 2026