CVE-2021-3577

Vulnerability

CVE-2021-3577 is an unauthenticated remote code execution vulnerability in some Motorola-branded Binatone Hubble Cameras [1]. The vulnerability allows an attacker on the same local network to gain unauthorized access to the device without any authentication or user interaction. Affected models include the Motorola-branded cameras manufactured by Binatone, but specific firmware versions are not listed in the advisory.

Exploitation

An attacker needs to be on the same network as the target camera. No authentication or special privileges are required. The attacker can send crafted network requests to the camera's services to trigger the vulnerability and execute arbitrary code.

Impact

Successful exploitation leads to full remote code execution on the device, granting the attacker unauthorized access. This could allow the attacker to compromise the camera's functionality, exfiltrate video feeds, or pivot to other devices on the network.

Mitigation

As of the advisory publication date (November 2021), no firmware update has been released to address this vulnerability [1]. Users are advised to isolate the device on a separate network segment and monitor Binatone's security advisory page for updates.