CVE-2019-12920

Name of the Vulnerable Software and Affected Versions Shenzhen Cylan Clever Dog Smart Camera versions DOG-2W and DOG-2W-V4

Description The issue allows an attacker on the network to login remotely to the camera and gain root access. This is possible because the device ships with a hardcoded password 12345678 for the root account, which is accessible from a TELNET login prompt.

Recommendations For versions DOG-2W and DOG-2W-V4, change the hardcoded root password 12345678 to a unique and strong password to prevent unauthorized access. As a temporary workaround, consider disabling the TELNET login prompt until a patch is available. Restrict access to the root account to minimize the risk of exploitation.