CVE-2020-29000

An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged account. By sending a crafted message, an attacker is able to remotely deliver a telnet session. Any attacker that has the ability to control DNS can exploit this vulnerability to remotely login to the device and gain access to the camera system.

MISC: https://gist.github.com/tj-oconnor/d081f5f116a4865f888be81e2466d831
MISC: https://support.mygeeni.com/hc/en-us
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29000

14 years
256 countries
683k users
4525k calculations
Logo blog.camcloud.com
Logo reolink.com
Logo www.use-ip.co.uk
Logo secutek.cz
Logo www.elsec.cz
Logo ru.kedacom.com