Details of VAR-202111-0511

ID

VAR-202111-0511

CVE

CVE-2021-3791

TITLE

plural Motorola-branded Binatone Hubble Vulnerability related to information leakage from log files in cameras

Trust: 0.8

sources: JVNDB: JVNDB-2021-014943

DESCRIPTION

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password. Binatone Motorola-branded Camera is a Motorola brand product camera authorized by Binatone Company

Trust: 2.16

sources: NVD: CVE-2021-3791 // JVNDB: JVNDB-2021-014943 // CNVD: CNVD-2022-77542

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-77542

AFFECTED PRODUCTS

vendor:	binatoneglobal	model:	cn28	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	cn75	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	mbp4855	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	cn50	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	mbp3667	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	connect view 65	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	focus 72r	scope:	lt	version:	03.40.00	Trust: 1.0
vendor:	binatoneglobal	model:	halo\+ camera	scope:	lt	version:	03.50.14	Trust: 1.0
vendor:	binatoneglobal	model:	connect 20	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	lux 64	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	mbp3855	scope:	lt	version:	03.40.00	Trust: 1.0
vendor:	binatoneglobal	model:	lux 65	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	comfort 85 connect	scope:	lt	version:	03.40.02	Trust: 1.0
vendor:	binatoneglobal	model:	cn40	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	comfort 40	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	focus 68	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	comfort 50 connect	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	ease44	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	lux 85 connect	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	mbp669 connect	scope:	eq	version:	-	Trust: 1.0
vendor:	binatoneglobal	model:	mbp6855	scope:	eq	version:	-	Trust: 1.0
vendor:	binatone global	model:	comfort 50 connect	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	comfort 40	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	cn28	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	cn50	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	mbp3855	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	halo+ カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	mbp4855	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	focus 72r	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	comfort 85 connect	scope:	-	version:	-	Trust: 0.8
vendor:	binatone global	model:	focus 68	scope:	-	version:	-	Trust: 0.8
vendor:	binatone	model:	motorola-branded camera	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-77542 // JVNDB: JVNDB-2021-014943 // NVD: CVE-2021-3791

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-3791
value:	MEDIUM
Trust: 1.0
psirt@lenovo.com:	CVE-2021-3791
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-3791
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-77542
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202111-1177
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-3791
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2022-77542
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-3791
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-014943
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-77542 // JVNDB: JVNDB-2021-014943 // CNNVD: CNNVD-202111-1177 // NVD: CVE-2021-3791 // NVD: CVE-2021-3791

PROBLEMTYPE DATA

problemtype:	CWE-532	Trust: 1.0
problemtype:	Information leakage from log files (CWE-532) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-014943 // NVD: CVE-2021-3791

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202111-1177

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202111-1177

PATCH

title:	Binatone Motorola-branded Camera Vulnerabilities	url:	https://binatoneglobal.com/security-advisory/	Trust: 0.8
title:	Patch for Binatone Motorola-branded Camera Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/360871	Trust: 0.6
title:	Binatone Motorola-branded Camera Repair measures for log information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170334	Trust: 0.6

sources: CNVD: CNVD-2022-77542 // JVNDB: JVNDB-2021-014943 // CNNVD: CNNVD-202111-1177

EXTERNAL IDS

db:	NVD	id:	CVE-2021-3791	Trust: 3.8
db:	JVNDB	id:	JVNDB-2021-014943	Trust: 0.8
db:	CNVD	id:	CNVD-2022-77542	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-1177	Trust: 0.6

sources: CNVD: CNVD-2022-77542 // JVNDB: JVNDB-2021-014943 // CNNVD: CNNVD-202111-1177 // NVD: CVE-2021-3791

REFERENCES

url:	https://binatoneglobal.com/security-advisory/	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3791	Trust: 1.4

sources: CNVD: CNVD-2022-77542 // JVNDB: JVNDB-2021-014943 // CNNVD: CNNVD-202111-1177 // NVD: CVE-2021-3791

SOURCES

db:	CNVD	id:	CNVD-2022-77542
db:	JVNDB	id:	JVNDB-2021-014943
db:	CNNVD	id:	CNNVD-202111-1177
db:	NVD	id:	CVE-2021-3791

LAST UPDATE DATE

2024-11-23T21:58:39.059000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-77542	date:	2022-11-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-014943	date:	2022-11-02T05:32:00
db:	CNNVD	id:	CNNVD-202111-1177	date:	2022-07-01T00:00:00
db:	NVD	id:	CVE-2021-3791	date:	2024-11-21T06:22:26.647

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-77542	date:	2022-11-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-014943	date:	2022-11-02T00:00:00
db:	CNNVD	id:	CNNVD-202111-1177	date:	2021-11-12T00:00:00
db:	NVD	id:	CVE-2021-3791	date:	2021-11-12T22:15:08.367