Skip to content

Instantly share code, notes, and snippets.

@tj-oconnor
Last active January 26, 2021 10:35
Show Gist options
  • Save tj-oconnor/74f9ebbad668f3a7ce31a968452190d7 to your computer and use it in GitHub Desktop.
Save tj-oconnor/74f9ebbad668f3a7ce31a968452190d7 to your computer and use it in GitHub Desktop.
CVE-2020-28999
------------------------------------------
CVE-2020-28999
------------------------------------------
[Description]
An issue was discovered in Apexis Streaming Video Web Application on
Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take
full control of the camera with a high-privileged account. The
vulnerability exists because a static username and password are
compiled into a shared library (libhipcam.so) used to provide the
streaming camera service.
[Additional Information]
Reported to Merkury Innovations on 21 Nov 20.
[Vulnerability Type]
Incorrect Access Control
[Vendor of Product]
Geeni
[Affected Product Code Base]
GNC-CW013 Doorbell - Version 1.8.1 (Current)
[Affected Component]
Apexis Streaming Video Web Application
[Attack Type]
Remote
[Impact Code execution]
true
[Attack Vectors]
An attacker is able to remotely login into the web application of the device using an account that is static/hidden from the user.
[Discoverer]
TJ OConnor, Daniel Campos: Florida Tech IoT S&P Lab
[References]
https://research.fit.edu/media/site-specific/researchfitedu/iot-lab/Geeni_Disclosures.pdf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment