Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities found for Smart Indoor Camera by Netatmo
VAR-202004-2187
Vulnerability from variot - Updated: 2023-12-18 13:37Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions. Netatmo Smart Indoor Camera There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Attackers can use this vulnerability to execute commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2187",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart indoor camera",
"scope": null,
"trust": 1.4,
"vendor": "netatmo",
"version": null
},
{
"model": "smart indoor camera",
"scope": "lt",
"trust": 1.0,
"vendor": "netatmo",
"version": "4.2.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-33336"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015479"
},
{
"db": "NVD",
"id": "CVE-2019-17101"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netatmo:smart_indoor_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netatmo:smart_indoor_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17101"
}
]
},
"cve": "CVE-2019-17101",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015479",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-33336",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-17101",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cve-requests@bitdefender.com",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.5,
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015479",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-17101",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve-requests@bitdefender.com",
"id": "CVE-2019-17101",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015479",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-33336",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2008",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-17101",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-33336"
},
{
"db": "VULMON",
"id": "CVE-2019-17101"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015479"
},
{
"db": "NVD",
"id": "CVE-2019-17101"
},
{
"db": "NVD",
"id": "CVE-2019-17101"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2008"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions. Netatmo Smart Indoor Camera There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Attackers can use this vulnerability to execute commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17101"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015479"
},
{
"db": "CNVD",
"id": "CNVD-2020-33336"
},
{
"db": "VULMON",
"id": "CVE-2019-17101"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-17101",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015479",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-33336",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2008",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-17101",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-33336"
},
{
"db": "VULMON",
"id": "CVE-2019-17101"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015479"
},
{
"db": "NVD",
"id": "CVE-2019-17101"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2008"
}
]
},
"id": "VAR-202004-2187",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-33336"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-33336"
}
]
},
"last_update_date": "2023-12-18T13:37:49.107000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.netatmo.com/en-us"
},
{
"title": "Patch for Netatmo Smart Indoor Camera injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/221869"
},
{
"title": "Netatmo Smart Indoor Camera Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=116768"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-33336"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015479"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "CWE-74",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015479"
},
{
"db": "NVD",
"id": "CVE-2019-17101"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17101"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17101"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-33336"
},
{
"db": "VULMON",
"id": "CVE-2019-17101"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015479"
},
{
"db": "NVD",
"id": "CVE-2019-17101"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2008"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-33336"
},
{
"db": "VULMON",
"id": "CVE-2019-17101"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015479"
},
{
"db": "NVD",
"id": "CVE-2019-17101"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2008"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-33336"
},
{
"date": "2020-04-23T00:00:00",
"db": "VULMON",
"id": "CVE-2019-17101"
},
{
"date": "2020-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015479"
},
{
"date": "2020-04-23T19:15:12.607000",
"db": "NVD",
"id": "CVE-2019-17101"
},
{
"date": "2020-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2008"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-33336"
},
{
"date": "2021-10-29T00:00:00",
"db": "VULMON",
"id": "CVE-2019-17101"
},
{
"date": "2020-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015479"
},
{
"date": "2021-10-29T18:42:42.987000",
"db": "NVD",
"id": "CVE-2019-17101"
},
{
"date": "2021-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2008"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2008"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netatmo Smart Indoor Camera Injection vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015479"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2008"
}
],
"trust": 0.6
}
}
CVE-2019-17101 (GCVE-0-2019-17101)
Vulnerability from cvelistv5 – Published: 2020-04-23 18:35 – Updated: 2024-09-17 03:43
VLAI
Title
Command execution due to unsanitized input in Netatmo Smart Indoor Security Camera
Summary
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions.
Severity
5.7 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://labs.bitdefender.com/2020/04/cracking-the… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Netatmo | Smart Indoor Camera |
Affected:
unspecified , < 4.2.5
(custom)
|
Date Public
2020-04-23 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Indoor Camera",
"vendor": "Netatmo",
"versions": [
{
"lessThan": "4.2.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bitdefender Labs"
}
],
"datePublic": "2020-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T18:35:12.000Z",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/"
}
],
"solutions": [
{
"lang": "en",
"value": "An update to firmware version 4.2.5 mitigates this issue"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command execution due to unsanitized input in Netatmo Smart Indoor Security Camera",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-04-23T18:00:00.000Z",
"ID": "CVE-2019-17101",
"STATE": "PUBLIC",
"TITLE": "Command execution due to unsanitized input in Netatmo Smart Indoor Security Camera"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Indoor Camera",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.2.5"
}
]
}
}
]
},
"vendor_name": "Netatmo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bitdefender Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/",
"refsource": "MISC",
"url": "https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/"
}
]
},
"solution": [
{
"lang": "en",
"value": "An update to firmware version 4.2.5 mitigates this issue"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2019-17101",
"datePublished": "2020-04-23T18:35:12.264Z",
"dateReserved": "2019-10-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:43:24.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17101 (GCVE-0-2019-17101)
Vulnerability from nvd – Published: 2020-04-23 18:35 – Updated: 2024-09-17 03:43
VLAI
Title
Command execution due to unsanitized input in Netatmo Smart Indoor Security Camera
Summary
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions.
Severity
5.7 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://labs.bitdefender.com/2020/04/cracking-the… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Netatmo | Smart Indoor Camera |
Affected:
unspecified , < 4.2.5
(custom)
|
Date Public
2020-04-23 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Indoor Camera",
"vendor": "Netatmo",
"versions": [
{
"lessThan": "4.2.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bitdefender Labs"
}
],
"datePublic": "2020-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T18:35:12.000Z",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/"
}
],
"solutions": [
{
"lang": "en",
"value": "An update to firmware version 4.2.5 mitigates this issue"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command execution due to unsanitized input in Netatmo Smart Indoor Security Camera",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-04-23T18:00:00.000Z",
"ID": "CVE-2019-17101",
"STATE": "PUBLIC",
"TITLE": "Command execution due to unsanitized input in Netatmo Smart Indoor Security Camera"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Indoor Camera",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.2.5"
}
]
}
}
]
},
"vendor_name": "Netatmo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bitdefender Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/",
"refsource": "MISC",
"url": "https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/"
}
]
},
"solution": [
{
"lang": "en",
"value": "An update to firmware version 4.2.5 mitigates this issue"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2019-17101",
"datePublished": "2020-04-23T18:35:12.264Z",
"dateReserved": "2019-10-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:43:24.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}