CVE-2020-29000
Last modified
CVE-2020-29000 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged account. EPSS estimates a 2.53% chance of exploitation in the next 30 days.
Description
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged account. By sending a crafted message, an attacker is able to remotely deliver a telnet session. Any attacker that has the ability to control DNS can exploit this vulnerability to remotely login to the device and gain access to the camera system.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mygeeni | Gnc-Cw013 Firmware | 1.8.1 |
References
- https://gist.github.com/tj-oconnor/d081f5f116a4865f888be81e2466d831Third Party Advisory
- https://gist.github.com/tj-oconnor/d081f5f116a4865f888be81e2466d831Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-29000?
How severe is CVE-2020-29000?
How do I fix CVE-2020-29000?
Are you affected by CVE-2020-29000?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST