An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password.
Description: CWE-532 Information Exposure Through Log Files
Metrics
Version
Base score
Base severity
Vector
3.1
6.5
MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version:3.1
Base score:6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC ID
Description
Solutions
Update to the camera firmware version (or newer version) indicated in the Product Impact section of the Binatone Security Advisory: https://binatoneglobal.com/security-advisory/.
Configurations
Workarounds
Exploits
Credits
Motorola thanks Lennert Wouters and Günes Acar, imec-COSIC, KU Leuven, Belgium for reporting this issue.