exploitDog

CVE-2020-28999

Опубликовано: 26 янв. 2021

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into a shared library (libhipcam.so) used to provide the streaming camera service.

Ссылки

https://gist.github.com/tj-oconnor/74f9ebbad668f3a7ce31a968452190d7
Third Party Advisory
https://support.mygeeni.com/hc/en-us
Product
https://gist.github.com/tj-oconnor/74f9ebbad668f3a7ce31a968452190d7
Third Party Advisory
https://support.mygeeni.com/hc/en-us
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:mygeeni:gnc-cw013_firmware:1.8.1:*:*:*:*:*:*:*

cpe:2.3:h:mygeeni:gnc-cw013:-:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00634

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-36g6-qxc2-h92h

github

больше 3 лет назад

An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into a shared library (libhipcam.so) used to provide the streaming camera service.

EPSS

Процентиль: 70%

0.00634

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-798