Halo Camera Firmware
CVE-2021-3789
MEDIUM
Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.
AnalysisAI
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Insufficiently Protected Credentials (CWE-522), which allows attackers to obtain user credentials due to weak protection mechanisms. An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages. Affected products include: Binatoneglobal Halo\+ Camera Firmware, Binatoneglobal Comfort 85 Connect Firmware, Binatoneglobal Mbp3855 Firmware, Binatoneglobal Focus 68 Firmware, Binatoneglobal Focus 72R Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Hash passwords with strong algorithms (bcrypt, argon2), encrypt credentials in transit and at rest, never log credentials.
More in Halo Camera Firmware
View allAn unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras tha
A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local ac
An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker wi
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow a
A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow
An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow
Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypt
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today