tj-oconnor/CVE-2020-29001.txt Secret

## CVE-2020-29001.txt
------------------------------------------
CVE-2020-29001
------------------------------------------

[Suggested description]
An issue was discovered on Geeni GNC-CW028 Camera 2.7.2,
Geeni GNC-CW025 Doorbell 2.9.5,
Merkury MI-CW024 Doorbell 2.9.6, and
Merkury MI-CW017 Camera 2.9.6 devices.
A vulnerability exists in the RESTful Services API
that allows a remote attacker to take
full control of the camera with a high-privileged account. The
vulnerability exists because a static username and password are
compiled into the ppsapp RESTful application.


[Additional Information]
Contacted Merkury Innovations  on 21 Nov 20.

[Vulnerability Type]
Incorrect Access Control

[Vendor of Product]
Geeni

[Affected Product Code Base]
GNC-CW028 Camera - Version 2.7.2 (Current)
GNC-CW025 Doorbell - Version 2.9.5 (Current)
MI-CW024 Doorbell - Version 2.9.6 (Current0
MI-CW017 Camera - Version 2.9.6 (Current)


[Affected Component]
RESTFul Web Application


[Attack Type]
Remote


[Impact Code execution]
true


[Attack Vectors]
An attacker is able to use the RESTFul API to steal password hashes,
enable telnet service, gain access to stored audio/video files using
default/static credentials that are compiled into the RESTFul web
application application.

[Discoverer]
TJ OConnor, Daniel Campos: Florida Tech IoT S&P Lab

[References]
https://research.fit.edu/media/site-specific/researchfitedu/iot-lab/Geeni_Disclosures.pdf
	------------------------------------------
	CVE-2020-29001
	------------------------------------------

	[Suggested description]
	An issue was discovered on Geeni GNC-CW028 Camera 2.7.2,
	Geeni GNC-CW025 Doorbell 2.9.5,
	Merkury MI-CW024 Doorbell 2.9.6, and
	Merkury MI-CW017 Camera 2.9.6 devices.
	A vulnerability exists in the RESTful Services API
	that allows a remote attacker to take
	full control of the camera with a high-privileged account. The
	vulnerability exists because a static username and password are
	compiled into the ppsapp RESTful application.


	[Additional Information]
	Contacted Merkury Innovations on 21 Nov 20.

	[Vulnerability Type]
	Incorrect Access Control

	[Vendor of Product]
	Geeni

	[Affected Product Code Base]
	GNC-CW028 Camera - Version 2.7.2 (Current)
	GNC-CW025 Doorbell - Version 2.9.5 (Current)
	MI-CW024 Doorbell - Version 2.9.6 (Current0
	MI-CW017 Camera - Version 2.9.6 (Current)


	[Affected Component]
	RESTFul Web Application


	[Attack Type]
	Remote


	[Impact Code execution]
	true


	[Attack Vectors]
	An attacker is able to use the RESTFul API to steal password hashes,
	enable telnet service, gain access to stored audio/video files using
	default/static credentials that are compiled into the RESTFul web
	application application.

	[Discoverer]
	TJ OConnor, Daniel Campos: Florida Tech IoT S&P Lab

	[References]
	https://research.fit.edu/media/site-specific/researchfitedu/iot-lab/Geeni_Disclosures.pdf