Security Advisory for Arlo Q Plus SSH Use of Hard-coded Credentials Allowing Privilege Escalation

This article applies to:

VMC3040S

Arlo is aware of a security vulnerability in the Arlo Q Plus camera. It was caused by a security misconfiguration that allowed an attacker with physical access to the device to escalate privileges to root. The vulnerability was promptly resolved by an automatic firmware update.

This was not a security breach, and no videos or personal information were accessed as a result of this vulnerability. As the cybersecurity landscape continually and rapidly evolves, Arlo remains committed to collaborating with security researchers and programs such as Bugcrowd and Trend Micro's Zero Day Initiative to proactively identify opportunities to further enhance the security of Arlo's platform.

Security Misconfiguration

The specific flaw exists within the SSH service. An attacker with physical access to the camera can boot it into a special operating mode in which the SSH service accepts hard-coded credentials, and can use that access to escalate privileges to root. Because the credentials are baked into the firmware rather than set by the user, they cannot be changed or rotated on the device; the firmware update listed below is the fix.
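The following is an added example, not Arlo's code or anything taken from the affected firmware: an offline check of the kind a practitioner would run against an unpacked firmware image to find the pattern described above, a shipped password hash in etc/shadow that an SSH daemon is configured to honour. It assumes the image has been extracted into a directory containing etc/shadow and an OpenSSH-style etc/ssh/sshd_config; the shadow entries, hashes and both configurations below are constructed for the demonstration.

```python
"""Offline audit of an extracted firmware root filesystem for hard-coded SSH
credentials. Added example for this advisory, not Arlo's code; it assumes the
image was unpacked into a directory with etc/shadow and an OpenSSH-style
etc/ssh/sshd_config. All sample data below is constructed."""
import re
import tempfile
from pathlib import Path

# Constructed shadow file: two live accounts, one locked, one with no password.
SAMPLE_SHADOW = """\
root:$1$saltsalt$0123456789abcdefghijkl:18000:0:99999:7:::
service:$6$saltsalt$ZGVmaW5pdGVseW5vdGFyZWFsaGFzaA:18000:0:99999:7:::
nobody:*:18000:0:99999:7:::
guest::18000:0:99999:7:::
"""
# Constructed weak config. The second PasswordAuthentication line is dead:
# sshd keeps the first value it sees for a keyword.
WEAK_SSHD_CONFIG = """\
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords yes
"""
# Same daemon with password logins closed off entirely.
HARDENED_SSHD_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
"""


def parse_shadow(text):
    """Return {user: hash} for accounts not locked with '*' or a leading '!'.
    An empty field is kept: it means no password at all."""
    usable = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or not fields[0] or line.startswith("#"):
            continue
        if fields[1] != "*" and not fields[1].startswith("!"):
            usable[fields[0]] = fields[1]
    return usable


def parse_sshd_config(text):
    """Effective global values of the keywords gating password logins.
    sshd honours the first occurrence of a keyword; per-user Match blocks are
    not evaluated here, so parsing stops at the first one. Defaults are
    OpenSSH's where stable; PermitRootLogin's default changed across versions,
    so it stays None when unset."""
    effective = {"passwordauthentication": "yes",
                 "permitemptypasswords": "no", "permitrootlogin": None}
    seen = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()
        if key == "match":
            break
        if key in effective and key not in seen and len(parts) == 2:
            effective[key] = parts[1].lower()
            seen.add(key)
    return effective


def audit(rootfs):
    """Cross-check etc/shadow against sshd_config; return sorted (user, issue) pairs."""
    rootfs = Path(rootfs)
    shadow = parse_shadow((rootfs / "etc/shadow").read_text())
    sshd = parse_sshd_config((rootfs / "etc/ssh/sshd_config").read_text())
    pw_auth = sshd["passwordauthentication"] != "no"
    # Unset PermitRootLogin is treated as permissive: old OpenSSH defaulted to yes.
    root_pw = sshd["permitrootlogin"] not in ("no", "prohibit-password", "without-password")
    findings = []
    for user, pw in sorted(shadow.items()):
        reachable = pw_auth and (user != "root" or root_pw)
        if pw == "":
            empty_ok = reachable and sshd["permitemptypasswords"] == "yes"
            findings.append((user, "empty password accepted over SSH" if empty_ok
                             else "empty password (sshd refuses it)"))
            continue
        findings.append((user, "hard-coded password hash reachable over SSH" if reachable
                         else "hard-coded password hash present (sshd refuses password login)"))
        if pw.startswith("$1$") or not pw.startswith("$"):  # MD5-crypt or DES-crypt
            findings.append((user, "weak hash algorithm"))
    return findings


def demo(hardened=False):
    """Unpack the constructed sample into a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc/ssh").mkdir(parents=True)
        (root / "etc/shadow").write_text(SAMPLE_SHADOW)
        (root / "etc/ssh/sshd_config").write_text(
            HARDENED_SSHD_CONFIG if hardened else WEAK_SSHD_CONFIG)
        return audit(root)
```

Running `demo()` against the weak configuration reports the root and service hashes as reachable over SSH, flags the root hash for its MD5-crypt algorithm, and reports the password-less guest account as accepted; `demo(hardened=True)` shows the same hashes still present in the image but no longer reachable through sshd password authentication, which is why a hash that cannot be rotated by the user remains a finding even when the daemon refuses it. Embedded images built on Dropbear rather than OpenSSH need a different config parser.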

This vulnerability affects the following products:

• VMC3040S

The following firmware update was released by Arlo to resolve this vulnerability:

VMC3040S: 1.9.0.8_199_3707910

Note: For all Arlo products, firmware updates are sent to your devices automatically. You do not need to manually update your firmware.

Disclaimer:

This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information in the document or materials linked from the document is at your own risk. Arlo reserves the right to change or update this document at any time. Arlo expects to update this document as new information becomes available.

Acknowledgements

Team FLASHBACK: Pedro Ribeiro (@pedrib1337 | pedrib@gmail.com) and Radek Domanski (@RabbitPro) working with Trend Micro Zero Day Initiative.

Contact

We appreciate and value having security concerns brought to our attention. Arlo constantly monitors for both known and unknown threats. Being proactive rather than reactive to emerging security issues is fundamental for product support at Arlo.

To report a security vulnerability, visit https://www.arlo.com/en-us/about/security/default.aspx.


Last Updated: 06/10/2021 | Article ID: 000062592
