CVE-2017-8403 - OpenCVE

360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application, or the BlueZ gatttool program.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
360fly	4k Camera 4k Camera Firmware

Configuration 1 [-]

AND

cpe:2.3:o:360fly:4k_camera_firmware:2.1.4:*:*:*:*:*:*:*

cpe:2.3:h:360fly:4k_camera:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.slideshare.net/fuguet/bluediot-when-a-mature-and-immature-technology-mixes-becomes-an-idiot-situation-75529672	Technical Description

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:23:06

Updated: 2022-10-03T16:23:06

Reserved: 2022-10-03T00:00:00

Link: CVE-2017-8403

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-05-01T20:59:00.170

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-8403

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application, or the BlueZ gatttool program."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:23:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.slideshare.net/fuguet/bluediot-when-a-mature-and-immature-technology-mixes-becomes-an-idiot-situation-75529672"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8403", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application, or the BlueZ gatttool program."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.slideshare.net/fuguet/bluediot-when-a-mature-and-immature-technology-mixes-becomes-an-idiot-situation-75529672", "refsource": "MISC", "url": "https://www.slideshare.net/fuguet/bluediot-when-a-mature-and-immature-technology-mixes-becomes-an-idiot-situation-75529672"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8403", "datePublished": "2022-10-03T16:23:06", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:23:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:360fly:4k_camera_firmware:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9A678F3B-FDB5-498B-8880-D6C821830BE1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:360fly:4k_camera:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF12778D-88C6-462F-9DDA-271ED5F2FAEB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application, or the BlueZ gatttool program."}, {"lang": "es", "value": "Las c\u00e1maras 360fly 4K permiten cambios de contrase\u00f1a Wi-Fi sin autenticaci\u00f3n y acceso completo usando REST en el procedimiento de emparejamiento de Bluetooth Low Energy, que est\u00e1 disponible en cualquier momento y no requiere contrase\u00f1a. Esto afecta al firmware 2.1.4. La explotaci\u00f3n puede utilizar la aplicaci\u00f3n de Android o iOS de 360fly, o el programa BlueZ gatttool."}], "id": "CVE-2017-8403", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-01T20:59:00.170", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description"], "url": "https://www.slideshare.net/fuguet/bluediot-when-a-mature-and-immature-technology-mixes-becomes-an-idiot-situation-75529672"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}