CVE-2021-21301 LOW

CVE-2021-21301: Video feed was captured while user has disabled video

Vendor Wireapp
Product wire-ios
Weakness CWE-200 · Info exposure
Published February 11, 2021
Last update August 3, 2024

CVSS base score

2.6/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue because video is streamed to the call when the user believes it is disabled. It impacts all users in video calls. This is fixed in version 3.75.

Key dates

02 Disclosure timeline

February 11, 2021 CVE published
August 3, 2024 Record updated