Unauthenticated Access to Snapshots and Video Streams on NightOwl WDB-20-V2 Doorbell

Unauthenticated Access to Snapshots and Video Streams on NightOwl WDB-20-V2 Doorbell

CVE-2021-31793 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web server on port 80 that allows an unauthenticated user to take a snapshot from the doorbell camera via the /snapshot URI.

Learn more about our Web App Pen Testing.