Details of VAR-202111-0509

ID

VAR-202111-0509

CVE

CVE-2021-3793

TITLE

plural Motorola-branded Binatone Hubble Vulnerability in camera

Trust: 0.8

sources: JVNDB: JVNDB-2021-014945

DESCRIPTION

An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware. plural Motorola-branded Binatone Hubble The camera has an unspecified vulnerability.Information may be obtained. Binatone Motorola-branded Camera is a Motorola-branded camera produced by Binatone authorized by Binatone

Trust: 2.16

sources: NVD: CVE-2021-3793 // JVNDB: JVNDB-2021-014945 // CNVD: CNVD-2022-77543

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-77543

AFFECTED PRODUCTS

vendor:	binatoneglobal	model:	focus 68	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	lux 64	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	halo\+ camera	scope:	lt	version:	03.50.14	Trust: 1.0
vendor:	binatoneglobal	model:	mbp6855	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	cn28	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	cn40	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	mbp669 connect	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	comfort 85 connect	scope:	lt	version:	03.40.02	Trust: 1.0
vendor:	binatoneglobal	model:	comfort 50 connect	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	mbp3667	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	cn75	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	mbp4855	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	cn50	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	mbp3855	scope:	lt	version:	03.40.00	Trust: 1.0
vendor:	binatoneglobal	model:	ease44	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	lux 65	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	comfort 40	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	focus 72r	scope:	lt	version:	03.40.00	Trust: 1.0
vendor:	binatoneglobal	model:	connect 20	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	connect view 65	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	lux 85 connect	scope:	eq	version:	-	Trust: 1.0
vendor:	binatone global	model:	comfort 50 connect	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	comfort 40	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	cn28	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	cn50	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	mbp3855	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	halo+ カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	mbp4855	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	focus 72r	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	comfort 85 connect	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	focus 68	scope:	-	version:	-	Trust: 0.8
vendor:	binatone	model:	motorola-branded camera	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-77543 // JVNDB: JVNDB-2021-014945 // NVD: CVE-2021-3793

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-3793
value:	MEDIUM
Trust: 1.0
psirt@lenovo.com:	CVE-2021-3793
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-3793
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-77543
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202111-1180
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-3793
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2022-77543
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-3793
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
psirt@lenovo.com:	CVE-2021-3793
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	CVE-2021-3793
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-77543 // JVNDB: JVNDB-2021-014945 // CNNVD: CNNVD-202111-1180 // NVD: CVE-2021-3793 // NVD: CVE-2021-3793

PROBLEMTYPE DATA

problemtype:	CWE-424	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-014945 // NVD: CVE-2021-3793

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-1180

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-1180

PATCH

title:	Binatone Motorola-branded Camera Vulnerabilities	url:	https://binatoneglobal.com/security-advisory/	Trust: 0.8
title:	Patch for Binatone Motorola-branded Camera Access Control Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/360866	Trust: 0.6
title:	Binatone Motorola-branded Camera Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=170337	Trust: 0.6

sources: CNVD: CNVD-2022-77543 // JVNDB: JVNDB-2021-014945 // CNNVD: CNNVD-202111-1180

EXTERNAL IDS

db:	NVD	id:	CVE-2021-3793	Trust: 3.8
db:	JVNDB	id:	JVNDB-2021-014945	Trust: 0.8
db:	CNVD	id:	CNVD-2022-77543	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-1180	Trust: 0.6

sources: CNVD: CNVD-2022-77543 // JVNDB: JVNDB-2021-014945 // CNNVD: CNNVD-202111-1180 // NVD: CVE-2021-3793

REFERENCES

url:	https://binatoneglobal.com/security-advisory/	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3793	Trust: 1.4

sources: CNVD: CNVD-2022-77543 // JVNDB: JVNDB-2021-014945 // CNNVD: CNNVD-202111-1180 // NVD: CVE-2021-3793

SOURCES

db:	CNVD	id:	CNVD-2022-77543
db:	JVNDB	id:	JVNDB-2021-014945
db:	CNNVD	id:	CNNVD-202111-1180
db:	NVD	id:	CVE-2021-3793

LAST UPDATE DATE

2024-08-14T15:11:45.432000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-77543	date:	2022-11-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-014945	date:	2022-11-02T05:33:00
db:	CNNVD	id:	CNNVD-202111-1180	date:	2022-10-28T00:00:00
db:	NVD	id:	CVE-2021-3793	date:	2022-10-27T16:59:08.150

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-77543	date:	2022-11-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-014945	date:	2022-11-02T00:00:00
db:	CNNVD	id:	CNNVD-202111-1180	date:	2021-11-12T00:00:00
db:	NVD	id:	CVE-2021-3793	date:	2021-11-12T22:15:08.473