CVE-2020-29000
Summary
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged account. By sending a crafted message, an attacker is able to remotely deliver a telnet session. Any attacker that has the ability to control DNS can exploit this vulnerability to remotely login to the device and gain access to the camera system.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- HIGH
- HIGH
- HIGH
References
Advisory Timeline
- Published