R7-2019-40: Bloomsky SKY2 Weather Camera Station Data Authenticity and Exposure Vulnerabilities

A number of information leak vulnerabilities are present in the Bloomsky SKY2 network, reachable through the JSON queries intended for use by the Bloomsky SKY2 Weather Camera Stations. The leaked data includes individual users' email addresses, mobile operating system information, and latitude/longitude geographical data, which constitutes an "Exposure of Private Information" vulnerability, CWE-359, with a CVSS score of 4.3. In addition, users can upload images to the cloud storage (Amazon S3 buckets) associated with other users' cameras simply by knowing the associated user ID, which is obtainable via the JSON information leak described above. This is an instance of CWE-345, "Insufficient Verification of Data Authenticity," also with a CVSS score of 4.3.
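The two weaknesses described above, as an added illustration in Python (not Bloomsky's code; the backend records, station IDs and function names are all hypothetical): an upload handler that takes the user ID from the request body beside one that checks the station's owner against the authenticated session, and a public view that omits the personal fields the advisory lists.

```python
# Constructed sample data standing in for the cloud backend's records (hypothetical).
STATIONS = {"SKY2-0001": {"owner": "user-a"}, "SKY2-0002": {"owner": "user-b"}}
USERS = {
    "user-a": {"email": "a@example.org", "os": "iOS 12", "lat": 37.7749, "lon": -122.4194},
    "user-b": {"email": "b@example.org", "os": "Android 9", "lat": 51.5074, "lon": -0.1278},
}
UPLOADS = []  # (station_id, object_key) pairs that would be written to the bucket


class Forbidden(Exception):
    """Raised when the authenticated user does not own the target station."""


def upload_vulnerable(request_user_id, station_id, image):
    """CWE-345 pattern: the user ID carried in the request is taken as proof of ownership,
    so anyone who knows another user's ID can write into that user's camera storage."""
    key = f"{request_user_id}/{station_id}/{len(UPLOADS)}.jpg"
    UPLOADS.append((station_id, key))  # image bytes would be stored under `key`
    return key


def upload_hardened(session_user_id, station_id, image):
    """Ownership is derived from the authenticated session and checked against the
    station record; a user ID supplied by the client is never trusted."""
    station = STATIONS.get(station_id)
    if station is None or station["owner"] != session_user_id:
        raise Forbidden("station is not owned by the authenticated user")
    key = f"{session_user_id}/{station_id}/{len(UPLOADS)}.jpg"
    UPLOADS.append((station_id, key))
    return key


def public_station_view(station_id):
    """CWE-359 mitigation: the public JSON carries no email or OS details, and the
    owner's location is coarsened to one decimal place (roughly 11 km) before it leaves."""
    owner = USERS[STATIONS[station_id]["owner"]]
    return {
        "station_id": station_id,
        "lat": round(owner["lat"], 1),
        "lon": round(owner["lon"], 1),
    }
```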

Product description

The Bloomsky SKY2 weather camera station, described at the vendor's website, is a home-based weather station intended to record and share weather data with a network of over 100,000 registered users (note that registration is free to anyone without purchase of a device or subscription service). The device also records and shares (usually) outdoor images.

Credit

These issues were discovered by independent security researcher Andrew MacPherson, and reported to Rapid7 for disclosure in accordance with Rapid7's vulnerability disclosure policy.

Exploitation

There are two exploitable issues ..