Presence and Welcome CVE and blocked url
So, I had an alert today on my firewall telling me that it had blocked the Welcome camera opening a URL http://142.250.178.14/generate_204, which was surprising. Then I carried out a vulnerability scan on both my Welcome and Presence cameras, which came up with a CVE on both cameras with regards to "lighttpd 1.4.58, Port 80", which looks like DoS. Is this known by Netatmo, and if so, what are they doing about it? By the way, the F/W versions are 3.10.0 and 5.14 respectively.
Re: Presence and Welcome CVE and blocked url
Hi telemarkhero,
Thank you for letting us know about this alert from your firewall.
First of all, please note that the best place to report potential security issues is this page: https://www.netatmo.com/security-incidents
Then, we have no idea why your firewall raised an alert on http://142.250.178.14/generate_204. This is a perfectly legit URL used by Android, the IP address belongs to Google.
Lastly, there are a couple of known DoS issues reported for this lighttpd server version, which are not exploitable on Netatmo products as they impact lighttpd modules that are not loaded on your camera.
Security is in our DNA and we do our best to guarantee the highest protection available for our products. We always make sure to update components potentially impacted by security issues.
I hope it helps!
Brieuc - Netatmo Team