MidnightBSD

Advisories for cylan

CVE-2019-12919 LOW

On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows anyone to view or download the video archive recorded and saved on the external memory card attached to the device.

CVSS 2.0

Severity: LOW

Problem Type: CWE-306,

Products Affected

Vendor Product Version
cylan clever_dog_smart_camera_panorama_dog-2w_firmware -
cylan clever_dog_smart_camera_plus_dog-2w-v4_firmware -
CVE-2019-12920 HIGH

On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
cylan clever_dog_smart_camera_panorama_dog-2w_firmware -
cylan clever_dog_smart_camera_plus_dog-2w-v4_firmware -