Halo Camera Firmware
CVE-2021-3577
HIGH
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.
AnalysisAI
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device. Affected products include: Binatoneglobal Halo\+ Camera Firmware, Binatoneglobal Comfort 85 Connect Firmware, Binatoneglobal Mbp3855 Firmware, Binatoneglobal Focus 68 Firmware, Binatoneglobal Focus 72R Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
More in Halo Camera Firmware
View allA vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local ac
An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker wi
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow a
A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow
An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow
Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypt
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow a
Same weakness CWE-78 – OS Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today