Skip to content

Instantly share code, notes, and snippets.

@tj-oconnor

tj-oconnor/CVE-2020-29000.txt Secret

Last active Jan 26, 2021
Embed
What would you like to do?
CVE-2020-29000
------------------------------------------
CVE-2020-29000
------------------------------------------
[Description]
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices.
A vulnerability exists in the RTSP service that allows a remote
attacker to take full control of the device with a high-privileged
account. By sending a crafted message, an attacker is able to
remotely deliver a telnet session. Any attacker that has the ability to
control DNS can exploit this vulnerability to remotely login to the
device and gain access to the camera system.
[Additional Information]
Reported to Merkury Innovations on 21 Nov 20.
[Vulnerability Type]
Incorrect Access Control
[Vendor of Product]
Geeni
[Affected Product Code Base]
GNC-CW013 Doorbell - Version 1.8.1 (Current)
[Affected Component]
RSTP Service
[Attack Type]
Remote
[Impact Code execution]
true
[Attack Vectors]
An attacker who is able to send a specially crafted UDP message to the device can enable a reverse telnet session into the device.
[Discoverer]
TJ OConnor, Daniel Campos: Florida Tech IoT S&P Lab
[References]
https://research.fit.edu/media/site-specific/researchfitedu/iot-lab/Geeni_Disclosures.pdf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment