CVE-2021-3577: Security Advisory – BinatoneGlobal
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network to gain unauthorized access to the device.
Binatone Motorola-branded Camera Vulnerabilities
Potential Impact: Privilege escalation, information disclosure, denial of service
Severity: High
Scope of Impact: Binatone-specific
CVE Identifier: CVE-2021-3577, CVE-2021-3787, CVE-2021-3788, CVE-2021-3789, CVE-2021-3790, CVE-2021-3791, CVE-2021-3792, CVE-2021-3793
Summary Description:
The following vulnerabilities were reported in Motorola-branded Binatone Hubble Cameras.
CVE-2021-3577: An unauthenticated remote code execution vulnerability was reported that could allow an attacker on the same network to gain unauthorized access to the device.
CVE-2021-3787: A vulnerability was reported in the device that could allow an attacker with local access to obtain the MQTT credentials, which could result in unauthorized access to backend Hubble services.
CVE-2021-3788: An exposed debug interface was reported that could allow an attacker with physical access to gain unauthorized access to the device.
CVE-2021-3789: An information disclosure vulnerability was reported in the device that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.
CVE-2021-3790: A buffer overflow was reported in the local web server of the device that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device.
CVE-2021-3791: An information disclosure vulnerability was reported in the device that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as the WiFi SSID and password.
CVE-2021-3792: Some device communications with backend Hubble services are not encrypted, which could allow an attacker to access the communication channel.
CVE-2021-3793: An improper access control vulnerability was reported in the device that could allow an unauthenticated attacker on the same network as the device to access administrative pages, which could result in information disclosure or a device firmware update with verified firmware.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update the camera firmware to the fix version indicated in the Product Impact section below (or a newer version).
If you are concerned about these issues, you can use your camera in an “offline” mode until fixes are released by following these steps:
- Go to the camera app, Hubble Connected for Motorola
- Under your camera setting, there will be a “Delete camera” option
- Delete the camera from the app
- If your camera comes with a handheld monitor, you can view the camera on it
Product Impact:
Model ID  Model Name                                          Fix Version  OTA Target Release Date
0945      Halo+                                               03.50.14
0335      Comfort 85 connect                                  03.40.02
3855      MBP3855 (MBP 855 Connect)                           03.40.00
0068      Focus 68 V100                                       TBD          2021-10-08
0168      Focus 68 V200                                       TBD          2021-10-05
0072      Focus 72R V100                                      03.40.00
0172      Focus 72R V200                                      03.40.00
0328      CN28/50 (COMFORT 40 / COMFORT 50 Connect)           TBD          2021-10-09
4855      MBP4855 (MBP 855 Connect)                           TBD          2021-10-13
3667      MBP3667 (MBP 667 Connect)                           TBD          2021-10-20
3669      MBP669 Connect                                      TBD          2021-10-20
0664      LUX64 / Lux 65 / Connect View 65 / Lux 85 Connect   TBD          2021-10-30
0644      EASE44 / Connect 20                                 TBD          2021-10-03
6855      MBP6855 (MBP855 Connect)                            TBD          2021-10-03
6335      CN40/75                                             TBD          2021-10-03
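The mitigation above boils down to "compare each camera's installed firmware against the fix version for its model ID, and keep cameras whose fix is still TBD offline". The following is an added example of that check for an operator with several cameras; it is not Binatone or Motorola code. It assumes the model ID and firmware version are available as the strings the advisory prints (e.g. "0945" and "03.50.14"); how they are read from the device or an inventory export is left to the operator, and the inventory at the bottom is constructed sample data.

```python
"""Fleet check against this advisory's Product Impact table.

Added example, not Binatone/Motorola code. It assumes the camera's model ID
and firmware version are available as the strings the advisory prints
(e.g. "0945" and "03.50.14"). The inventory at the bottom is constructed
sample data."""
from typing import Dict, List, Optional, Tuple

# Fix versions exactly as listed in the advisory; None means "TBD"
# (no fixed firmware released at the time of the advisory).
FIX_VERSIONS: Dict[str, Optional[str]] = {
    "0945": "03.50.14",  # Halo+
    "0335": "03.40.02",  # Comfort 85 connect
    "3855": "03.40.00",  # MBP3855
    "0068": None,        # Focus 68 V100
    "0168": None,        # Focus 68 V200
    "0072": "03.40.00",  # Focus 72R V100
    "0172": "03.40.00",  # Focus 72R V200
    "0328": None,        # CN28/50
    "4855": None,        # MBP4855
    "3667": None,        # MBP3667
    "3669": None,        # MBP669 Connect
    "0664": None,        # LUX64 / Lux 65 / Connect View 65 / Lux 85 Connect
    "0644": None,        # EASE44 / Connect 20
    "6855": None,        # MBP6855
    "6335": None,        # CN40/75
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted firmware version such as '03.40.02' into integers.

    Refuses anything that is not purely numeric dotted components, so a
    garbled inventory entry fails loudly instead of silently passing."""
    parts = version.strip().split(".")
    if not all(part.isdigit() for part in parts):
        raise ValueError(f"malformed firmware version: {version!r}")
    return tuple(int(part) for part in parts)


def version_at_least(installed: str, required: str) -> bool:
    """True if installed >= required, padding the shorter version with
    zeros so '03.40' compares equal to '03.40.00'."""
    a, b = parse_version(installed), parse_version(required)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def assess(model_id: str, installed: str) -> str:
    """Classify one camera: 'not-in-advisory', 'fix-pending' (advisory says
    TBD, so keep it offline per the mitigation steps), 'vulnerable' or
    'patched'."""
    if model_id not in FIX_VERSIONS:
        return "not-in-advisory"
    fix = FIX_VERSIONS[model_id]
    if fix is None:
        return "fix-pending"
    return "patched" if version_at_least(installed, fix) else "vulnerable"


# Constructed sample inventory: (label, model ID, reported firmware version)
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("nursery", "0945", "03.50.14"),  # exactly the fix version
    ("hallway", "0335", "03.40.01"),  # one below the fix version
    ("garage", "0068", "02.10.00"),   # model whose fix is still TBD
    ("porch", "9999", "01.00.00"),    # model ID not in the advisory
]


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Group camera labels by their advisory status."""
    report: Dict[str, List[str]] = {}
    for label, model_id, installed in inventory:
        report.setdefault(assess(model_id, installed), []).append(label)
    return report


if __name__ == "__main__":
    for status, labels in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:16s} {', '.join(labels)}")
```

A version that is numerically at or above the listed fix is treated as patched, since the advisory allows "or a newer version"; a malformed version string raises rather than being counted as patched, and a model whose fix is TBD is reported separately so it can be taken offline until the OTA target date rather than being mistaken for an unaffected device.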
Acknowledgement:
CVE-2021-3577, CVE-2021-3787: Motorola thanks Randy Westergren for reporting these issues.
CVE-2021-3788, CVE-2021-3789, CVE-2021-3790, CVE-2021-3791: Motorola thanks Lennert Wouters and Günes Acar, imec-COSIC, KU Leuven, Belgium for reporting these issues.
CVE-2021-3792, CVE-2021-3793: Motorola thanks Lenovo Global Security Lab for reporting these issues.
Revision History:
Revision  Date        Description
1         2021-09-14  Initial release