Binatone Motorola-branded Camera Vulnerabilities
Potential Impact: Privilege escalation, information disclosure, denial of service
Severity: High
Scope of Impact: Binatone-specific
CVE Identifier: CVE-2021-3577, CVE-2021-3787, CVE-2021-3788, CVE-2021-3789, CVE-2021-3790, CVE-2021-3791, CVE-2021-3792, CVE-2021-3793
Summary Description:
The following vulnerabilities were reported in Motorola-branded Binatone Hubble Cameras.
CVE-2021-3577: An unauthenticated remote code execution vulnerability was reported that could allow an attacker on the same network unauthorized access to the device.
CVE-2021-3787: A vulnerability was reported in the device that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services.
CVE-2021-3788: An exposed debug interface was reported that could allow an attacker with physical access unauthorized access to the device.
CVE-2021-3789: An information disclosure vulnerability was reported in the device that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.
CVE-2021-3790: A buffer overflow was reported in the local web server of the device that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device.
CVE-2021-3791: An information disclosure vulnerability was reported in the device that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password.
CVE-2021-3792: Some device communications with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker.
CVE-2021-3793: An improper access control vulnerability was reported in the device which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update to the camera firmware version (or newer version) indicated in the Product Impact section below.
If you are concerned about these issues, you can use your camera in an “offline” mode until fixes are released by following these steps:
- Go to the camera app, Hubble Connected for Motorola
- Under your camera setting, there will be a “Delete camera” option
- Delete the camera from the app
- If your camera comes with a handheld monitor, you can view the camera on it
Product Impact:
Model ID | Model Name | Fix Version | OTA Target Release Date |
0945 | Halo+ | 03.50.14 | |
0335 | Comfort 85 connect | 03.40.02 | |
3855 | MBP3855 (MBP 855 Connect) | 03.40.00 | |
0068 | Focus 68 V100 | TBD | |
0168 | Focus 68 V200 | 03.40.00 | |
0072 | Focus 72R V100 | 03.40.00 | |
0172 | Focus 72R V200 | 03.40.00 | |
0328 | CN28/50 (COMFORT 40 / COMFORT 50 Connect) | 03.40.00 | |
4855 | MBP4855 (MBP 855 Connect) | 03.40.00 | |
3667 | MBP3667 (MBP 667 Connect) | 03.40.00 | |
3669 | MBP669 Connect | 03.40.00 | |
0664 | LUX64 /Lux 65/Connect View 65/ Lux 85 Connect | 03.60.04 | |
0644 | EASE44 / Connect 20 | 03.40.16 | |
6855 | MBP6855 (MBP855 Connect) | 03.40.16 | |
6335 | CN40/75 | 03.40.16 |
Acknowledgement:
CVE-2021-3577, CVE-2021-3787: Motorola thanks Randy Westergren for reporting this issue.
CVE-2021-3788, CVE-2021-3789, CVE-2021-3790, CVE-2021-3791: Motorola thanks Lennert Wouters and Günes Acar, imec-COSIC, KU Leuven, Belgium for reporting this issue.
CVE-2021-3792, CVE-2021-3793: Motorola thanks Lenovo Global Security Lab for reporting these issues.
Revision History:
Revision | Date | Description |
1 | 2021-09-14 | Initial release |