Binatone Motorola-branded Camera Vulnerabilities

Potential Impact: Privilege escalation, information disclosure, denial of service

Severity: High

Scope of Impact: Binatone-specific

CVE Identifier: CVE-2021-3577, CVE-2021-3787, CVE-2021-3788, CVE-2021-3789, CVE-2021-3790, CVE-2021-3791, CVE-2021-3792, CVE-2021-3793

Summary Description:

The following vulnerabilities were reported in Motorola-branded Binatone Hubble Cameras.

CVE-2021-3577: An unauthenticated remote code execution vulnerability was reported that could allow an attacker on the same network unauthorized access to the device.

CVE-2021-3787: A vulnerability was reported in the device that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services.

CVE-2021-3788: An exposed debug interface was reported that could allow an attacker with physical access unauthorized access to the device.

CVE-2021-3789: An information disclosure vulnerability was reported in the device that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.

CVE-2021-3790: A buffer overflow was reported in the local web server of the device that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device.

CVE-2021-3791: An information disclosure vulnerability was reported in the device that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password.

CVE-2021-3792: Some device communications with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker.

CVE-2021-3793: An improper access control vulnerability was reported in the device which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update to the camera firmware version (or newer version) indicated in the Product Impact section below.

If you are concerned about these issues, you can use your camera in an “offline” mode until fixes are released by following these steps:

  • Go to the camera app, Hubble Connected for Motorola
  • Under your camera setting, there will be a “Delete camera” option
  • Delete the camera from the app
  • If your camera comes with a handheld monitor, you can view the camera on it

Product Impact:

Model IDModel NameFix VersionOTA Target Release Date
0945Halo+03.50.14 
0335Comfort 85 connect03.40.02 
3855MBP3855 (MBP 855 Connect)03.40.00
0068Focus 68 V100TBD2021-10-08
0168Focus 68 V200TBD2021-10-05
0072Focus 72R V10003.40.00
0172Focus 72R V20003.40.00
0328CN28/50 (COMFORT 40 / COMFORT 50 Connect)TBD2021-10-09
4855MBP4855 (MBP 855 Connect)TBD2021-10-13
3667MBP3667 (MBP 667 Connect)TBD2021-10-20
3669MBP669 ConnectTBD2021-10-20
0664LUX64 /Lux 65/Connect View 65/ Lux 85 ConnectTBD2021-10-30
0644EASE44 / Connect 20TBD2021-10-03
6855MBP6855 (MBP855 Connect)TBD2021-10-03
6335CN40/75TBD2021-10-03

Acknowledgement:

CVE-2021-3577, CVE-2021-3787: Motorola thanks Randy Westergren for reporting this issue.

CVE-2021-3788, CVE-2021-3789, CVE-2021-3790, CVE-2021-3791: Motorola thanks Lennert Wouters and Günes Acar, imec-COSIC, KU Leuven, Belgium for reporting this issue.

CVE-2021-3792, CVE-2021-3793: Motorola thanks Lenovo Global Security Lab for reporting these issues.

Revision History:

RevisionDateDescription
12021-09-14Initial release