CVE-2019-17101 - OpenCVE

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Netatmo	Smart Indoor Camera Firmware Smart Indoor Camera

Configuration 1 [-]

AND

cpe:2.3:o:netatmo:smart_indoor_camera_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netatmo:smart_indoor_camera:-:*:*:*:*:*:*:*

References

Link	Resource
https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/	Exploit Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Bitdefender

Published: 2020-04-23T00:00:00

Updated: 2020-04-23T18:35:12

Reserved: 2019-10-02T00:00:00

Link: CVE-2019-17101

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-04-23T19:15:12.607

Modified: 2021-10-29T18:42:42.987

Link: CVE-2019-17101

JSON object: View

Redhat Information

No data.

CWE

CWE-77

{"containers": {"cna": {"affected": [{"product": "Smart Indoor Camera", "vendor": "Netatmo", "versions": [{"lessThan": "4.2.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Bitdefender Labs"}], "datePublic": "2020-04-23T00:00:00", "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-23T18:35:12", "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/"}], "solutions": [{"lang": "en", "value": "An update to firmware version 4.2.5 mitigates this issue"}], "source": {"discovery": "EXTERNAL"}, "title": "Command execution due to unsanitized input in Netatmo Smart Indoor Security Camera", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-requests@bitdefender.com", "DATE_PUBLIC": "2020-04-23T18:00:00.000Z", "ID": "CVE-2019-17101", "STATE": "PUBLIC", "TITLE": "Command execution due to unsanitized input in Netatmo Smart Indoor Security Camera"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Smart Indoor Camera", "version": {"version_data": [{"version_affected": "<", "version_value": "4.2.5"}]}}]}, "vendor_name": "Netatmo"}]}}, "credit": [{"lang": "eng", "value": "Bitdefender Labs"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}]}, "references": {"reference_data": [{"name": "https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/", "refsource": "MISC", "url": "https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/"}]}, "solution": [{"lang": "en", "value": "An update to firmware version 4.2.5 mitigates this issue"}], "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "assignerShortName": "Bitdefender", "cveId": "CVE-2019-17101", "datePublished": "2020-04-23T00:00:00", "dateReserved": "2019-10-02T00:00:00", "dateUpdated": "2020-04-23T18:35:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netatmo:smart_indoor_camera_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7000222-47AB-4EB5-BB76-152FB9B95A9F", "versionEndExcluding": "4.2.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netatmo:smart_indoor_camera:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FB0749C-F517-43FE-B38F-E41AB99D1144", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions."}, {"lang": "es", "value": "Una Neutralizaci\u00f3n Inapropiada de Elementos Especiales usados en una vulnerabilidad de Comando (\"Command Injection\") en versiones de firmware anteriores a x.xx de Netatmo Smart Indoor Camera, permite a un atacante ejecutar comandos en el dispositivo. Este problema afecta: una versi\u00f3n de Netatmo Smart Indoor Camera y versiones anteriores."}], "id": "CVE-2019-17101", "lastModified": "2021-10-29T18:42:42.987", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 3.7, "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}, "published": "2020-04-23T19:15:12.607", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}