CVE-2021-3790 | ByteOS Network

Vulnerability Details :

CVE-2021-3790

Assigner-lenovo

Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b

Published At-12 Nov, 2021 | 22:05

Updated At-03 Aug, 2024 | 17:09

A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:lenovo

Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b

Published At:12 Nov, 2021 | 22:05

Updated At:03 Aug, 2024 | 17:09

▼CVE Numbering Authority (CNA)

A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device.

Affected Products

Vendor

Motorola Mobility LLC. (Lenovo Group Limited)

Product

Binatone Hubble Cameras

Versions

Affected

various

Problem Types

Type	CWE ID	Description
CWE	CWE-121	CWE-121 Stack-based Buffer Overflow

Type: CWE

CWE ID: CWE-121

Description: CWE-121 Stack-based Buffer Overflow

Metrics

Version	Base score	Base severity	Vector
3.1	6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Solutions

Update to the camera firmware version (or newer version) indicated in the Product Impact section of the Binatone Security Advisory: https://binatoneglobal.com/security-advisory/.

Credits

Motorola thanks Lennert Wouters and Günes Acar, imec-COSIC, KU Leuven, Belgium for reporting this issue.

References

Hyperlink	Resource
https://binatoneglobal.com/security-advisory/	x_refsource_MISC

Hyperlink: https://binatoneglobal.com/security-advisory/

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://binatoneglobal.com/security-advisory/	x_refsource_MISC x_transferred

Hyperlink: https://binatoneglobal.com/security-advisory/

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

Source:psirt@lenovo.com

Published At:12 Nov, 2021 | 22:15

Updated At:16 Nov, 2021 | 18:38

A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	3.3	LOW	AV:A/AC:L/Au:N/C:N/I:N/A:P

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 3.3

Base severity: LOW

Vector:

AV:A/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

binatoneglobal>>halo\+_camera_firmware>>Versions before 03.50.14(exclusive)

cpe:2.3:o:binatoneglobal:halo\+_camera_firmware:*:*:*:*:*:*:*:*

binatoneglobal>>halo\+_camera>>-

cpe:2.3:h:binatoneglobal:halo\+_camera:-:*:*:*:*:*:*:*

binatoneglobal>>comfort_85_connect_firmware>>Versions before 03.40.02(exclusive)

cpe:2.3:o:binatoneglobal:comfort_85_connect_firmware:*:*:*:*:*:*:*:*

binatoneglobal>>comfort_85_connect>>-

cpe:2.3:h:binatoneglobal:comfort_85_connect:-:*:*:*:*:*:*:*

binatoneglobal>>mbp3855_firmware>>Versions before 03.40.00(exclusive)

cpe:2.3:o:binatoneglobal:mbp3855_firmware:*:*:*:*:*:*:*:*

binatoneglobal>>mbp3855>>-

cpe:2.3:h:binatoneglobal:mbp3855:-:*:*:*:*:*:*:*

binatoneglobal>>focus_68_firmware>>-

cpe:2.3:o:binatoneglobal:focus_68_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>focus_68>>v100

cpe:2.3:h:binatoneglobal:focus_68:v100:*:*:*:*:*:*:*

binatoneglobal>>focus_68_firmware>>-

cpe:2.3:o:binatoneglobal:focus_68_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>focus_68>>v200

cpe:2.3:h:binatoneglobal:focus_68:v200:*:*:*:*:*:*:*

binatoneglobal>>focus_72r_firmware>>Versions before 03.40.00(exclusive)

cpe:2.3:o:binatoneglobal:focus_72r_firmware:*:*:*:*:*:*:*:*

binatoneglobal>>focus_72r>>v100

cpe:2.3:h:binatoneglobal:focus_72r:v100:*:*:*:*:*:*:*

binatoneglobal>>focus_72r_firmware>>Versions before 03.40.00(exclusive)

cpe:2.3:o:binatoneglobal:focus_72r_firmware:*:*:*:*:*:*:*:*

binatoneglobal>>focus_72r>>v200

cpe:2.3:h:binatoneglobal:focus_72r:v200:*:*:*:*:*:*:*

binatoneglobal>>cn28_firmware>>-

cpe:2.3:o:binatoneglobal:cn28_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>cn28>>-

cpe:2.3:h:binatoneglobal:cn28:-:*:*:*:*:*:*:*

binatoneglobal>>cn50_firmware>>-

cpe:2.3:o:binatoneglobal:cn50_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>cn50>>-

cpe:2.3:h:binatoneglobal:cn50:-:*:*:*:*:*:*:*

binatoneglobal>>comfort_40_firmware>>-

cpe:2.3:o:binatoneglobal:comfort_40_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>comfort_40>>-

cpe:2.3:h:binatoneglobal:comfort_40:-:*:*:*:*:*:*:*

binatoneglobal>>comfort_50_connect_firmware>>-

cpe:2.3:o:binatoneglobal:comfort_50_connect_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>comfort_50_connect>>-

cpe:2.3:h:binatoneglobal:comfort_50_connect:-:*:*:*:*:*:*:*

binatoneglobal>>mbp4855_firmware>>-

cpe:2.3:o:binatoneglobal:mbp4855_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>mbp4855>>-

cpe:2.3:h:binatoneglobal:mbp4855:-:*:*:*:*:*:*:*

binatoneglobal>>mbp3667_firmware>>-

cpe:2.3:o:binatoneglobal:mbp3667_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>mbp3667>>-

cpe:2.3:h:binatoneglobal:mbp3667:-:*:*:*:*:*:*:*

binatoneglobal>>mbp669_connect_firmware>>-

cpe:2.3:o:binatoneglobal:mbp669_connect_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>mbp669_connect>>-

cpe:2.3:h:binatoneglobal:mbp669_connect:-:*:*:*:*:*:*:*

binatoneglobal>>lux_64_firmware>>-

cpe:2.3:o:binatoneglobal:lux_64_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>lux_64>>-

cpe:2.3:h:binatoneglobal:lux_64:-:*:*:*:*:*:*:*

binatoneglobal>>lux_65_firmware>>-

cpe:2.3:o:binatoneglobal:lux_65_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>lux_65>>-

cpe:2.3:h:binatoneglobal:lux_65:-:*:*:*:*:*:*:*

binatoneglobal>>connect_view_65_firmware>>-

cpe:2.3:o:binatoneglobal:connect_view_65_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>connect_view_65>>-

cpe:2.3:h:binatoneglobal:connect_view_65:-:*:*:*:*:*:*:*

binatoneglobal>>lux_85_connect_firmware>>-

cpe:2.3:o:binatoneglobal:lux_85_connect_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>lux_85_connect>>-

cpe:2.3:h:binatoneglobal:lux_85_connect:-:*:*:*:*:*:*:*

binatoneglobal>>ease44_firmware>>-

cpe:2.3:o:binatoneglobal:ease44_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>ease44>>-

cpe:2.3:h:binatoneglobal:ease44:-:*:*:*:*:*:*:*

binatoneglobal>>connect_20_firmware>>-

cpe:2.3:o:binatoneglobal:connect_20_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>connect_20>>-

cpe:2.3:h:binatoneglobal:connect_20:-:*:*:*:*:*:*:*

binatoneglobal>>mbp6855_firmware>>-

cpe:2.3:o:binatoneglobal:mbp6855_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>mbp6855>>-

cpe:2.3:h:binatoneglobal:mbp6855:-:*:*:*:*:*:*:*

binatoneglobal>>cn40_firmware>>-

cpe:2.3:o:binatoneglobal:cn40_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>cn40>>-

cpe:2.3:h:binatoneglobal:cn40:-:*:*:*:*:*:*:*

binatoneglobal>>cn75_firmware>>-

cpe:2.3:o:binatoneglobal:cn75_firmware:-:*:*:*:*:*:*:*

binatoneglobal>>cn75>>-

cpe:2.3:h:binatoneglobal:cn75:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-120	Primary	nvd@nist.gov
CWE-121	Secondary	psirt@lenovo.com

CWE ID: CWE-120

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-121

Type: Secondary

Source: psirt@lenovo.com

References

Hyperlink	Source	Resource
https://binatoneglobal.com/security-advisory/	psirt@lenovo.com	Vendor Advisory

Hyperlink: https://binatoneglobal.com/security-advisory/

Source: psirt@lenovo.com

Resource:

Vendor Advisory