Security Advisory for Networking Misconfiguration and Insufficient UART Protection Mechanisms

Arlo is aware of two security vulnerabilities that affect some Arlo base stations. One is caused by a network misconfiguration, and the other is caused by insufficient UART protection mechanisms. These vulnerabilities were promptly resolved in a series of automatic firmware updates.

This was not a security breach, and no videos or personal information were accessed as a result of the vulnerabilities. As the cybersecurity landscape continually and rapidly evolves, Arlo remains committed and on the forefront of collaborating with security researchers like BugCrowd and Tenable to proactively identify opportunities to further enhance the security of Arlo’s platform.

Networking Misconfiguration

Arlo base stations have two networking interfaces: one for the internal camera network and one for connection to an external LAN, such as a home network. If an attacker is connected to the same LAN as an Arlo base station, they can access the interface used for the internal camera network. This potentially allows the attacker to control a user’s Arlo camera.

This vulnerability affects the following products:

  • VMB3010
  • VMB4000
  • VMB3500
  • VMB4500
  • VMB5000

The following firmware updates were released by Arlo to resolve this vulnerability:

  • VMB3010 and VMB4000: 1.12.2.3_2762
  • VMB3500 and VMB4500: 1.12.2.4_2773
  • VMB5000: 1.12.2.2_2824

Note: For all Arlo products, firmware updates are sent to your devices automatically. You do not need to manually update your firmware.

Insufficient UART Protection Mechanisms

If someone has physical access to an Arlo base station, they can connect to the UART port using a serial connection. After making the connection, an attacker can gain access to sensitive information.

This vulnerability affects the following products:

  • VMB3010
  • VMB4000
  • VMB3500
  • VMB4500
  • VMB5000

The following firmware updates were released by Arlo to resolve this vulnerability:

  • VMB3010 and VMB4000: 1.12.2.3_2772
  • VMB3500 and VMB4500: 1.12.2.4_2773
  • VMB5000: 1.12.2.3_59_4a57cce

Note: For all Arlo products, firmware updates are sent to your devices automatically. You do not need to manually update your firmware.

Disclaimer

This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information in the document or materials linked from the document is at your own risk. Arlo reserves the right to change or update this document at any time. Arlo expects to update this document as new information becomes available.

Acknowledgements

Jimi Sebree (https://www.tenable.com)

Contact

We appreciate and value having security concerns brought to our attention. Arlo constantly monitors for both known and unknown threats. Being proactive rather than reactive to emerging security issues is fundamental for product support at Arlo.

To report a security vulnerability, visit https://www.arlo.com/en-us/about/security/default.aspx.