CVE-2020-29000

{"id": "CVE-2020-29000", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2021-01-26T18:15:51.617", "references": [{"url": "https://gist.github.com/tj-oconnor/d081f5f116a4865f888be81e2466d831", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.mygeeni.com/hc/en-us", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/tj-oconnor/d081f5f116a4865f888be81e2466d831", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.mygeeni.com/hc/en-us", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged account. By sending a crafted message, an attacker is able to remotely deliver a telnet session. Any attacker that has the ability to control DNS can exploit this vulnerability to remotely login to the device and gain access to the camera system."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos Geeni GNC-CW013 doorbell versi\u00f3n 1.8.1. Se presenta una vulnerabilidad en el servicio RTSP que permite a un atacante remoto tomar el control total del dispositivo con una cuenta muy privilegiada. Al enviar un mensaje dise\u00f1ado, un atacante es capaz de enviar una sesi\u00f3n de telnet remotamente. Cualquier atacante que tenga la capacidad de controlar el DNS puede explotar esta vulnerabilidad para iniciar sesi\u00f3n remotamente en el dispositivo y conseguir acceso al sistema de la c\u00e1mara"}], "lastModified": "2024-11-21T05:23:27.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mygeeni:gnc-cw013_firmware:1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07E9F4C5-DB76-4416-A493-8F3771925ABA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mygeeni:gnc-cw013:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "55ED786D-F53A-4A7C-A3FC-98B0E956C8E0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}