CVE-2020-29000

Name of the Vulnerable Software and Affected Versions: Geeni GNC-CW013 doorbell version 1.8.1

Description: A vulnerability exists in the RTSP service of the device, allowing a remote attacker to take full control with a high-privileged account. By sending a crafted message, an attacker can remotely deliver a telnet session. Any attacker with the ability to control DNS can exploit this vulnerability to remotely login to the device and gain access to the camera system.

Recommendations: For Geeni GNC-CW013 doorbell version 1.8.1, consider disabling the RTSP service until a patch is available to prevent exploitation. Restrict access to the device's camera system to minimize the risk of unauthorized access. Avoid using the device until a fix is provided to ensure the security of the device and its associated systems. At the moment, there is no information about a newer version that contains a fix for this vulnerability.