PT-2021-11620 · Geeni+1 · Geeni Gnc-Cw025 Doorbell+3

Published: 2021-01-26 · Updated: 2021-02-03 · CVE-2020-29001

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Geeni GNC-CW028 Camera version 2.7.2; Geeni GNC-CW025 Doorbell version 2.9.5; Merkury MI-CW024 Doorbell version 2.9.6; Merkury MI-CW017 Camera version 2.9.6
Description: A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a high-privileged account. The issue arises because a static username and password are compiled into the ppsapp RESTful application.
Recommendations: For Geeni GNC-CW028 Camera version 2.7.2, consider disabling the RESTful Services API until a patch is available. For Geeni GNC-CW025 Doorbell version 2.9.5, restrict access to the ppsapp RESTful application to minimize the risk of exploitation. For Merkury MI-CW024 Doorbell version 2.9.6, avoid using static username and password in the RESTful Services API. For Merkury MI-CW017 Camera version 2.9.6, temporarily disable the ppsapp RESTful application to prevent remote attackers from taking control of the camera.

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related Identifiers

CVE-2020-29001

Affected Products

Geeni Gnc-Cw025 Doorbell
Geeni Gnc-Cw028 Camera
Merkury Mi-Cw017 Camera
Merkury Mi-Cw024 Doorbell