CVE-2020-29000

An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged account. By sending a crafted message, an attacker is able to remotely deliver a telnet session. Any attacker that has the ability to control DNS can exploit this vulnerability to remotely login to the device and gain access to the camera system.

CVSS v3 7.2 HIGH
CVSS v2.0 9.0 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://gist.github.com/tj-oconnor/d081f5f116a4865f888be81e2466d831	Third Party Advisory
https://support.mygeeni.com/hc/en-us	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:mygeeni:gnc-cw013_firmware:1.8.1:*:*:*:*:*:*:*

cpe:2.3:h:mygeeni:gnc-cw013:-:*:*:*:*:*:*:*

History

03 Feb 2021, 14:36

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 9.0 v3 : 7.2
References	~~(MISC) https://support.mygeeni.com/hc/en-us -~~	(MISC) https://support.mygeeni.com/hc/en-us - Product
References	~~(MISC) https://gist.github.com/tj-oconnor/d081f5f116a4865f888be81e2466d831 -~~	(MISC) https://gist.github.com/tj-oconnor/d081f5f116a4865f888be81e2466d831 - Third Party Advisory
CPE		cpe:2.3:o:mygeeni:gnc-cw013_firmware:1.8.1:::::::* cpe:2.3:h:mygeeni:gnc-cw013:-:::::::*

26 Jan 2021, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-01-26 18:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-29000

Mitre link : CVE-2020-29000

CVE.ORG link : CVE-2020-29000

JSON object : View

Products Affected

mygeeni

gnc-cw013_firmware
gnc-cw013

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-29000", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2021-01-26T18:15:51.617", "references": [{"url": "https://gist.github.com/tj-oconnor/d081f5f116a4865f888be81e2466d831", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.mygeeni.com/hc/en-us", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged account. By sending a crafted message, an attacker is able to remotely deliver a telnet session. Any attacker that has the ability to control DNS can exploit this vulnerability to remotely login to the device and gain access to the camera system."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos Geeni GNC-CW013 doorbell versi\u00f3n 1.8.1. Se presenta una vulnerabilidad en el servicio RTSP que permite a un atacante remoto tomar el control total del dispositivo con una cuenta muy privilegiada. Al enviar un mensaje dise\u00f1ado, un atacante es capaz de enviar una sesi\u00f3n de telnet remotamente. Cualquier atacante que tenga la capacidad de controlar el DNS puede explotar esta vulnerabilidad para iniciar sesi\u00f3n remotamente en el dispositivo y conseguir acceso al sistema de la c\u00e1mara"}], "lastModified": "2021-02-03T14:36:42.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mygeeni:gnc-cw013_firmware:1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07E9F4C5-DB76-4416-A493-8F3771925ABA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mygeeni:gnc-cw013:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "55ED786D-F53A-4A7C-A3FC-98B0E956C8E0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}