Skip to content

Instantly share code, notes, and snippets.


tj-oconnor/CVE-2020-29000.txt Secret

Last active Jan 26, 2021
What would you like to do?
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices.
A vulnerability exists in the RTSP service that allows a remote
attacker to take full control of the device with a high-privileged
account. By sending a crafted message, an attacker is able to
remotely deliver a telnet session. Any attacker that has the ability to
control DNS can exploit this vulnerability to remotely login to the
device and gain access to the camera system.
[Additional Information]
Reported to Merkury Innovations on 21 Nov 20.
[Vulnerability Type]
Incorrect Access Control
[Vendor of Product]
[Affected Product Code Base]
GNC-CW013 Doorbell - Version 1.8.1 (Current)
[Affected Component]
RSTP Service
[Attack Type]
[Impact Code execution]
[Attack Vectors]
An attacker who is able to send a specially crafted UDP message to the device can enable a reverse telnet session into the device.
TJ OConnor, Daniel Campos: Florida Tech IoT S&P Lab
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment