CVE-2021-3577 : An unauthenticated remote code execution vulnerability was reported in some Moto

An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.

Published 2021-11-12 22:15:08

Updated 2021-11-16 18:24:05

Source Lenovo Group Ltd.

View at NVD, CVE.org

Vulnerability category: Execute codeBypass

Products affected by CVE-2021-3577

Binatoneglobal » Halo+ Camera Firmware
Versions before (<) 03.50.14
cpe:2.3:o:binatoneglobal:halo\+_camera_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Halo+ Camera » Version: N/A
Binatoneglobal » Comfort 85 Connect Firmware
Versions before (<) 03.40.02
cpe:2.3:o:binatoneglobal:comfort_85_connect_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Comfort 85 Connect » Version: N/A
Binatoneglobal » Mbp3855 Firmware
Versions before (<) 03.40.00
cpe:2.3:o:binatoneglobal:mbp3855_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Mbp3855 » Version: N/A
Binatoneglobal » Focus 68 Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:focus_68_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Focus 68 » Version: V100
Binatoneglobal » Focus 72r Firmware
Versions before (<) 03.40.00
cpe:2.3:o:binatoneglobal:focus_72r_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Focus 72r » Version: V100
Binatoneglobal » Cn28 Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:cn28_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Cn28 » Version: N/A
Binatoneglobal » Cn50 Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:cn50_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Cn50 » Version: N/A
Binatoneglobal » Comfort 40 Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:comfort_40_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Comfort 40 » Version: N/A
Binatoneglobal » Comfort 50 Connect Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:comfort_50_connect_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Comfort 50 Connect » Version: N/A
Binatoneglobal » Mbp4855 Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:mbp4855_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Mbp4855 » Version: N/A
Binatoneglobal » Mbp3667 Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:mbp3667_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Mbp3667 » Version: N/A
Binatoneglobal » Mbp669 Connect Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:mbp669_connect_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Mbp669 Connect » Version: N/A
Binatoneglobal » Lux 64 Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:lux_64_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Lux 64 » Version: N/A
Binatoneglobal » Lux 65 Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:lux_65_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Lux 65 » Version: N/A
Binatoneglobal » Connect View 65 Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:connect_view_65_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Connect View 65 » Version: N/A
Binatoneglobal » Lux 85 Connect Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:lux_85_connect_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Lux 85 Connect » Version: N/A
Binatoneglobal » Ease44 Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:ease44_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Ease44 » Version: N/A
Binatoneglobal » Connect 20 Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:connect_20_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Connect 20 » Version: N/A
Binatoneglobal » Mbp6855 Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:mbp6855_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Mbp6855 » Version: N/A
Binatoneglobal » Cn40 Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:cn40_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Cn40 » Version: N/A
Binatoneglobal » Cn75 Firmware » Version: N/A
cpe:2.3:o:binatoneglobal:cn75_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Binatoneglobal » Cn75 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-3577

EPSS FAQ

86.43%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-3577

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:A/AC:L/Au:N/C:P/I:P/A:P	6.5	6.4	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	Lenovo Group Ltd.
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-3577

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Assigned by: psirt@lenovo.com (Secondary)
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-3577

https://binatoneglobal.com/security-advisory/

Security Advisory – BinatoneGlobal
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-3577

Products affected by CVE-2021-3577

Exploit prediction scoring system (EPSS) score for CVE-2021-3577

CVSS scores for CVE-2021-3577

CWE ids for CVE-2021-3577

References for CVE-2021-3577