CVE-2021-31793

An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web server on port 80 that allows an unauthenticated user to take a snapshot from the doorbell camera via the /snapshot URI.

Summary:

An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web server on port 80 that allows an unauthenticated user to take a snapshot from the doorbell camera via the /snapshot URI.

Reference Links(if available):

  • https://gist.github.com/tj-oconnor/16a4116050bbcb4717315f519b944f1f
  • https://cloud.binary.ninja/embed/f4400a22-c438-403a-bf2a-939ca44a4f6b
  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)