CVE-2021-31793
HIGHNightOwl WDB-20-V2 WDB-20-V2_20190314 - Unauthenticated Snapshot Access via /snapshot URI
Title source: llmDescription
An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web server on port 80 that allows an unauthenticated user to take a snapshot from the doorbell camera via the /snapshot URI.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://gist.github.com/tj-oconnor/16a4116050bbcb4717315f519b944f1f
Third Party Advisory x_refsource_misc
https://cloud.binary.ninja/embed/f4400a22-c438-403a-bf2a-939ca44a4f6b
Scores
CVSS v3
7.5
EPSS
0.0127
EPSS Percentile
66.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-306
Status
published
Products (1)
nightowlsp/wdb-20_firmware
20190314
Published
May 06, 2021
Tracked Since
Feb 18, 2026