PT-2019-13021 · Shenzhen Cylan · Clever Dog Smart Camera

Published

2019-06-20

Updated

2021-07-21

CVE-2019-12919

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Shenzhen Cylan Clever Dog Smart Camera versions DOG-2W and DOG-2W-V4

Description The issue allows an attacker on the local network to have unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera enables anyone to view or download the video archive recorded and saved on the external memory card attached to the device.

Recommendations For versions DOG-2W and DOG-2W-V4, restrict access to the HTTP service on port 8000 to prevent unauthorized access to the internal SD card. Consider disabling the HTTP web server until a patch is available to mitigate the risk of exploitation.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2019-12919

Affected Products

Clever Dog Smart Camera

PT-2019-13021 · Shenzhen Cylan · Clever Dog Smart Camera

CVE-2019-12919

Weakness Enumeration

Related Identifiers

Affected Products

References · 2