CVE-2021-3790

Vulnerability

A buffer overflow vulnerability exists in the local web server of certain Motorola-branded Binatone Hubble Cameras. The issue allows an unauthenticated attacker on the same network to trigger a denial-of-service condition. The affected products include specific models of Motorola-branded Binatone Hubble Cameras; the advisory [1] does not list exact firmware versions but the vulnerability is present in devices running affected firmware.

Exploitation

An attacker must be on the same local network as the target camera. No authentication is required. The attacker sends a specially crafted HTTP request to the camera's web server, causing a buffer overflow that crashes the web server process or renders the device unresponsive.

Impact

Successful exploitation results in a denial-of-service (DoS) condition. The camera may become temporarily or permanently unresponsive, requiring a power cycle to recover. No code execution or data exfiltration is reported for this specific CVE.

Mitigation

The vendor has published a security advisory [1] that covers this vulnerability. Users are advised to update the camera firmware to the latest version provided by Binatone. If a firmware update is not available, restricting network access to the camera (e.g., via firewall rules or VLAN segmentation) can reduce the attack surface. The advisory does not specify a fixed version release date.