CVE-2019-3949
Description
Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code on the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A networking misconfiguration in Arlo Base Station firmware up to 1.12.0.1_27940 allows LAN-based attackers to access the internal camera network interface and execute arbitrary code.
Vulnerability
Networking misconfiguration in Arlo Base Station firmware versions 1.12.0.1_27940 and prior allows an attacker on the same LAN to access the internal camera network interface [1]. Affected products include VMB3010, VMB4000, VMB3500, VMB4500, and VMB5000 [1]. The base station exposes two interfaces: one for the internal camera network and one for the external LAN; the misconfiguration permits traversal from the LAN to the camera network [1].
Exploitation
An attacker needs to be connected to the same local area network (LAN) as the Arlo Base Station [1]. No authentication or user interaction is required beyond network access [1]. The attacker can then communicate with the internal camera network interface, enabling upload or download of arbitrary files and potentially executing malicious code [1].
Impact
Successful exploitation allows an attacker to control the user’s Arlo cameras, upload or download arbitrary files, and potentially execute malicious code on the device [1]. This compromises the confidentiality, integrity, and availability of the camera system and associated data [1].
Mitigation
Arlo resolved this vulnerability through automatic firmware updates: VMB3010 and VMB4000 updated to 1.12.2.3_2762; VMB3500 and VMB4500 updated to 1.12.2.4_2773; VMB5000 updated to 1.12.2.2_2824 [1]. No workarounds are documented; users should ensure their devices have received the updates automatically [1].
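To confirm that devices received the updates listed above, the following added example (not Arlo's code and not part of the original page) compares a base station's reported firmware string with the fixed release for its model. It assumes only the dotted release is ordered, because the build suffixes on this page are not comparable across releases (27940 on the affected build, 2762 on a fixed one). The inventory hostnames and readings are constructed.

```python
import re

# Fixed firmware per model, as listed in the Mitigation paragraph.
FIXED = {
    "VMB3010": "1.12.2.3_2762",
    "VMB4000": "1.12.2.3_2762",
    "VMB3500": "1.12.2.4_2773",
    "VMB4500": "1.12.2.4_2773",
    "VMB5000": "1.12.2.2_2824",
}

_VERSION = re.compile(r"^(\d+(?:\.\d+)*)_(\d+)$")


def release(version):
    """Return the dotted release as a tuple of ints; ValueError if malformed."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    # Assumption: the suffix after "_" is a build id and is ignored for ordering.
    return tuple(int(part) for part in m.group(1).split("."))


def classify(model, version):
    """Return 'patched', 'needs_update' or 'unknown' for one base station."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "unknown"  # model is not in the page's affected list
    try:
        current = release(version)
    except ValueError:
        return "unknown"  # unparseable reading: flag for manual review
    return "patched" if current >= release(fixed) else "needs_update"


# Constructed inventory: (hostname, model, firmware string as reported).
INVENTORY = [
    ("garage-hub", "VMB4000", "1.12.0.1_27940"),
    ("office-hub", "VMB4500", "1.12.2.4_2773"),
    ("lobby-hub", "vmb5000", "1.12.2.2_2824"),
    ("lab-hub", "VMB3010", "n/a"),
]


def audit(inventory):
    return {host: classify(model, ver) for host, model, ver in inventory}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

A device reported as `needs_update` or `unknown` has not been confirmed on the fixed release and should be checked by hand.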
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=1.12.0.1_27940
- Arlo/Basestation firmware (v5). Range: 1.12.0.1_27940 and prior
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.