CVE-2019-12919

Name of the Vulnerable Software and Affected Versions Shenzhen Cylan Clever Dog Smart Camera versions DOG-2W and DOG-2W-V4

Description The issue allows an attacker on the local network to have unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera enables anyone to view or download the video archive recorded and saved on the external memory card attached to the device.

Recommendations For versions DOG-2W and DOG-2W-V4, restrict access to the HTTP service on port 8000 to prevent unauthorized access to the internal SD card. Consider disabling the HTTP web server until a patch is available to mitigate the risk of exploitation.