CVE-2019-12919

MEDIUM

Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 - Unauthenticated SD Card Access via HTTP Service

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-12919. PoCs published by Alex Akinbi.

AI-analyzed exploit summary This is a vulnerability writeup detailing multiple security issues in Clever Dog Smart Camera models DOG-2W and DOG-2W-V4, including unauthenticated file disclosure, hardcoded telnet credentials, and unencrypted password transmission. No exploit code is provided.

Description

On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows anyone to view or download the video archive recorded and saved on the external memory card attached to the device.

Exploits (1)

exploitdb WRITEUP
by Alex Akinbi · textwebappshardware
https://www.exploit-db.com/exploits/46993

This is a vulnerability writeup detailing multiple security issues in Clever Dog Smart Camera models DOG-2W and DOG-2W-V4, including unauthenticated file disclosure, hardcoded telnet credentials, and unencrypted password transmission. No exploit code is provided.

Classification
Writeup 100%
Attack Type
Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Clever Dog Smart Camera DOG-2W, DOG-2W-V4
No auth needed
Prerequisites: Network access to the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/46993

Scores

CVSS v3 5.5
EPSS 0.0035
EPSS Percentile 27.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-306
Status published
Products (2)
cylan/clever_dog_smart_camera_panorama_dog-2w_firmware
cylan/clever_dog_smart_camera_plus_dog-2w-v4_firmware
Published Jun 20, 2019
Tracked Since Feb 18, 2026