PT-2021-11618 · Geeni · Geeni Gnc-Cw013
Published 2021-01-26 · Updated 2021-02-03 · CVE-2020-28999
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell version 1.8.1
Description:
A static username and password are compiled into a shared library (libhipcam.so) used by the streaming camera service. A remote attacker can use them to take full control of the camera with a high-privileged account.
Recommendations:
For version 1.8.1, consider temporarily disabling the streaming camera service until a patch is available, to prevent exploitation. Restrict access to the libhipcam.so library to minimize the risk of unauthorized control. Avoid using the default username and password compiled into the shared library until the issue is resolved.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Geeni Gnc-Cw013