CVE-2019-12920

CRITICAL

Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 - Unauthenticated Remote Root Access via Hardcoded TELNET Credentials

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-12920. PoCs published by Alex Akinbi.

AI-analyzed exploit summary This is a vulnerability writeup detailing multiple security issues in Clever Dog Smart Camera models DOG-2W and DOG-2W-V4, including unauthenticated file disclosure, hardcoded telnet credentials, and unencrypted password transmission. No exploit code is provided.

Description

On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt.

Exploits (1)

exploitdb WRITEUP
by Alex Akinbi · textwebappshardware
https://www.exploit-db.com/exploits/46993

This is a vulnerability writeup detailing multiple security issues in Clever Dog Smart Camera models DOG-2W and DOG-2W-V4, including unauthenticated file disclosure, hardcoded telnet credentials, and unencrypted password transmission. No exploit code is provided.

Classification
Writeup 100%
Attack Type
Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Clever Dog Smart Camera DOG-2W, DOG-2W-V4
No auth needed
Prerequisites: Network access to the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/46993

Scores

CVSS v3 9.8
EPSS 0.0228
EPSS Percentile 80.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (2)
cylan/clever_dog_smart_camera_panorama_dog-2w_firmware
cylan/clever_dog_smart_camera_plus_dog-2w-v4_firmware
Published Jun 20, 2019
Tracked Since Feb 18, 2026