MidnightBSD

Advisories for binatoneglobal

CVE-2021-3577 MEDIUM

An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-863,

Products Affected

Vendor Product Version
binatoneglobal comfort_85_connect_firmware *
binatoneglobal mbp3855_firmware *
binatoneglobal ease44_firmware -
binatoneglobal cn28_firmware -
binatoneglobal cn75_firmware -
binatoneglobal mbp3667_firmware -
binatoneglobal comfort_50_connect_firmware -
binatoneglobal focus_68_firmware -
binatoneglobal connect_20_firmware -
binatoneglobal comfort_40_firmware -
binatoneglobal mbp669_connect_firmware -
binatoneglobal lux_65_firmware -
binatoneglobal mbp6855_firmware -
binatoneglobal halo+_camera_firmware *
binatoneglobal lux_85_connect_firmware -
binatoneglobal focus_72r_firmware *
binatoneglobal cn50_firmware -
binatoneglobal connect_view_65_firmware -
binatoneglobal lux_64_firmware -
binatoneglobal mbp4855_firmware -
binatoneglobal cn40_firmware -
CVE-2021-3787 MEDIUM

A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.4 MEDIUM CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-256,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
binatoneglobal comfort_85_connect_firmware *
binatoneglobal mbp3855_firmware *
binatoneglobal ease44_firmware -
binatoneglobal cn28_firmware -
binatoneglobal cn75_firmware -
binatoneglobal mbp3667_firmware -
binatoneglobal comfort_50_connect_firmware -
binatoneglobal focus_68_firmware -
binatoneglobal connect_20_firmware -
binatoneglobal comfort_40_firmware -
binatoneglobal mbp669_connect_firmware -
binatoneglobal lux_65_firmware -
binatoneglobal mbp6855_firmware -
binatoneglobal halo+_camera_firmware *
binatoneglobal lux_85_connect_firmware -
binatoneglobal focus_72r_firmware *
binatoneglobal cn50_firmware -
binatoneglobal connect_view_65_firmware -
binatoneglobal lux_64_firmware -
binatoneglobal mbp4855_firmware -
binatoneglobal cn40_firmware -
CVE-2021-3788 MEDIUM

An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
psirt@lenovo.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1299,CWE-287,

Products Affected

Vendor Product Version
binatoneglobal comfort_85_connect_firmware *
binatoneglobal mbp3855_firmware *
binatoneglobal ease44_firmware -
binatoneglobal cn28_firmware -
binatoneglobal cn75_firmware -
binatoneglobal mbp3667_firmware -
binatoneglobal comfort_50_connect_firmware -
binatoneglobal focus_68_firmware -
binatoneglobal connect_20_firmware -
binatoneglobal comfort_40_firmware -
binatoneglobal mbp669_connect_firmware -
binatoneglobal lux_65_firmware -
binatoneglobal mbp6855_firmware -
binatoneglobal halo+_camera_firmware *
binatoneglobal lux_85_connect_firmware -
binatoneglobal focus_72r_firmware *
binatoneglobal cn50_firmware -
binatoneglobal connect_view_65_firmware -
binatoneglobal lux_64_firmware -
binatoneglobal mbp4855_firmware -
binatoneglobal cn40_firmware -
CVE-2021-3789 LOW

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6
psirt@lenovo.com 4.2 MEDIUM CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 0.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,CWE-326,

Products Affected

Vendor Product Version
binatoneglobal comfort_85_connect_firmware *
binatoneglobal mbp3855_firmware *
binatoneglobal ease44_firmware -
binatoneglobal cn28_firmware -
binatoneglobal cn75_firmware -
binatoneglobal mbp3667_firmware -
binatoneglobal comfort_50_connect_firmware -
binatoneglobal focus_68_firmware -
binatoneglobal connect_20_firmware -
binatoneglobal comfort_40_firmware -
binatoneglobal mbp669_connect_firmware -
binatoneglobal lux_65_firmware -
binatoneglobal mbp6855_firmware -
binatoneglobal halo+_camera_firmware *
binatoneglobal lux_85_connect_firmware -
binatoneglobal focus_72r_firmware *
binatoneglobal cn50_firmware -
binatoneglobal connect_view_65_firmware -
binatoneglobal lux_64_firmware -
binatoneglobal mbp4855_firmware -
binatoneglobal cn40_firmware -
CVE-2021-3790 LOW

A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
psirt@lenovo.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-121,CWE-120,

Products Affected

Vendor Product Version
binatoneglobal comfort_85_connect_firmware *
binatoneglobal mbp3855_firmware *
binatoneglobal ease44_firmware -
binatoneglobal cn28_firmware -
binatoneglobal cn75_firmware -
binatoneglobal mbp3667_firmware -
binatoneglobal comfort_50_connect_firmware -
binatoneglobal focus_68_firmware -
binatoneglobal connect_20_firmware -
binatoneglobal comfort_40_firmware -
binatoneglobal mbp669_connect_firmware -
binatoneglobal lux_65_firmware -
binatoneglobal mbp6855_firmware -
binatoneglobal halo+_camera_firmware *
binatoneglobal lux_85_connect_firmware -
binatoneglobal focus_72r_firmware *
binatoneglobal cn50_firmware -
binatoneglobal connect_view_65_firmware -
binatoneglobal lux_64_firmware -
binatoneglobal mbp4855_firmware -
binatoneglobal cn40_firmware -
CVE-2021-3791 LOW

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
binatoneglobal comfort_85_connect_firmware *
binatoneglobal mbp3855_firmware *
binatoneglobal ease44_firmware -
binatoneglobal cn28_firmware -
binatoneglobal cn75_firmware -
binatoneglobal mbp3667_firmware -
binatoneglobal comfort_50_connect_firmware -
binatoneglobal focus_68_firmware -
binatoneglobal connect_20_firmware -
binatoneglobal comfort_40_firmware -
binatoneglobal mbp669_connect_firmware -
binatoneglobal lux_65_firmware -
binatoneglobal mbp6855_firmware -
binatoneglobal halo+_camera_firmware *
binatoneglobal lux_85_connect_firmware -
binatoneglobal focus_72r_firmware *
binatoneglobal cn50_firmware -
binatoneglobal connect_view_65_firmware -
binatoneglobal lux_64_firmware -
binatoneglobal mbp4855_firmware -
binatoneglobal cn40_firmware -
CVE-2021-3792 MEDIUM

Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
binatoneglobal comfort_85_connect_firmware *
binatoneglobal mbp3855_firmware *
binatoneglobal ease44_firmware -
binatoneglobal cn28_firmware -
binatoneglobal cn75_firmware -
binatoneglobal mbp3667_firmware -
binatoneglobal comfort_50_connect_firmware -
binatoneglobal focus_68_firmware -
binatoneglobal connect_20_firmware -
binatoneglobal comfort_40_firmware -
binatoneglobal mbp669_connect_firmware -
binatoneglobal lux_65_firmware -
binatoneglobal mbp6855_firmware -
binatoneglobal halo+_camera_firmware *
binatoneglobal lux_85_connect_firmware -
binatoneglobal focus_72r_firmware *
binatoneglobal cn50_firmware -
binatoneglobal connect_view_65_firmware -
binatoneglobal lux_64_firmware -
binatoneglobal mbp4855_firmware -
binatoneglobal cn40_firmware -
CVE-2021-3793 MEDIUM

An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
psirt@lenovo.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-424,NVD-CWE-Other,

Products Affected

Vendor Product Version
binatoneglobal comfort_85_connect_firmware *
binatoneglobal mbp3855_firmware *
binatoneglobal ease44_firmware -
binatoneglobal cn28_firmware -
binatoneglobal cn75_firmware -
binatoneglobal mbp3667_firmware -
binatoneglobal comfort_50_connect_firmware -
binatoneglobal focus_68_firmware -
binatoneglobal connect_20_firmware -
binatoneglobal comfort_40_firmware -
binatoneglobal mbp669_connect_firmware -
binatoneglobal lux_65_firmware -
binatoneglobal mbp6855_firmware -
binatoneglobal halo+_camera_firmware *
binatoneglobal lux_85_connect_firmware -
binatoneglobal focus_72r_firmware *
binatoneglobal cn50_firmware -
binatoneglobal connect_view_65_firmware -
binatoneglobal lux_64_firmware -
binatoneglobal mbp4855_firmware -
binatoneglobal cn40_firmware -