-
-
Save tj-oconnor/371d34342c0cc2be015cc89d6dc2bc66 to your computer and use it in GitHub Desktop.
CVE-2020-29001
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
------------------------------------------ | |
CVE-2020-29001 | |
------------------------------------------ | |
[Suggested description] | |
An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, | |
Geeni GNC-CW025 Doorbell 2.9.5, | |
Merkury MI-CW024 Doorbell 2.9.6, and | |
Merkury MI-CW017 Camera 2.9.6 devices. | |
A vulnerability exists in the RESTful Services API | |
that allows a remote attacker to take | |
full control of the camera with a high-privileged account. The | |
vulnerability exists because a static username and password are | |
compiled into the ppsapp RESTful application. | |
[Additional Information] | |
Contacted Merkury Innovations on 21 Nov 20. | |
[Vulnerability Type] | |
Incorrect Access Control | |
[Vendor of Product] | |
Geeni | |
[Affected Product Code Base] | |
GNC-CW028 Camera - Version 2.7.2 (Current) | |
GNC-CW025 Doorbell - Version 2.9.5 (Current) | |
MI-CW024 Doorbell - Version 2.9.6 (Current0 | |
MI-CW017 Camera - Version 2.9.6 (Current) | |
[Affected Component] | |
RESTFul Web Application | |
[Attack Type] | |
Remote | |
[Impact Code execution] | |
true | |
[Attack Vectors] | |
An attacker is able to use the RESTFul API to steal password hashes, | |
enable telnet service, gain access to stored audio/video files using | |
default/static credentials that are compiled into the RESTFul web | |
application application. | |
[Discoverer] | |
TJ OConnor, Daniel Campos: Florida Tech IoT S&P Lab | |
[References] | |
https://research.fit.edu/media/site-specific/researchfitedu/iot-lab/Geeni_Disclosures.pdf |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment