CVE-2020-28999

An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into a shared library (libhipcam.so) used to provide the streaming camera service.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mygeeni:gnc-cw013_firmware:1.8.1:*:*:*:*:*:*:*
cpe:2.3:h:mygeeni:gnc-cw013:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:23

Type Values Removed Values Added
References () https://gist.github.com/tj-oconnor/74f9ebbad668f3a7ce31a968452190d7 - Third Party Advisory () https://gist.github.com/tj-oconnor/74f9ebbad668f3a7ce31a968452190d7 - Third Party Advisory
References () https://support.mygeeni.com/hc/en-us - Product () https://support.mygeeni.com/hc/en-us - Product

Information

Published : 2021-01-26 18:15

Updated : 2024-11-21 05:23


NVD link : CVE-2020-28999

Mitre link : CVE-2020-28999

CVE.ORG link : CVE-2020-28999


JSON object : View

Products Affected

mygeeni

  • gnc-cw013
  • gnc-cw013_firmware
CWE
CWE-798

Use of Hard-coded Credentials