PT-2021-11580 · Night Owl · Night Owl Smart Doorbell

Published: 2021-06-08 · Updated: 2021-06-21 · CVE-2020-28713

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions: Night Owl Smart Doorbell FW version 20190505
Description: The issue is related to incorrect access control in the push notification service, allowing remote users to send push notification events via an exposed PNS server. A remote attacker can record push notification events sent over an insecure web request. The web service lacks request authentication, enabling attackers to send a large number of motion or doorbell events to a user's mobile application by replaying or crafting false events.
Recommendations: For Night Owl Smart Doorbell FW version 20190505, consider restricting access to the push notification service to prevent unauthorized sending of events until a fix is available. As a temporary workaround, disabling the push notification feature can help minimize the risk of exploitation.


Related Identifiers

CVE-2020-28713

Affected Products

Night Owl Smart Doorbell