CVE-2018-16225
MEDIUM
QBee MultiSensor Camera <= 4.16.4 - Cleartext Transmission of Sensitive Information
Title source: llm
Description
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.
References (2)
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
https://seclists.org/fulldisclosure/2018/Sep/21
Exploit, Third Party Advisory x_refsource_misc
https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/
Scores
CVSS v3: 6.5
EPSS: 0.0062
EPSS Percentile: 44.8%
Attack Vector: ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-319
Status: published
Products (3)
qbeecam/qbee_multi-sensor_camera_firmware < 4.16.4
qbeecam/qbeecam < 1.0.5
swisscom/swisscom_home_app < 10.7.2
Published: Sep 18, 2018
Tracked Since: Feb 18, 2026