14 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-28713
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via a...
CVE-2020-28713
Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The we...
UBUNTU-CVE-2020-28713
Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The we...
CVE-2020-28713
Night Owl Smart Doorbell FW 20190505 is affected by CVE-2020-28713 due to incorrect access control in the push notification service (PNS). The web service does not authenticate requests, allowing remote attackers to send push notification events to a user’s mobile app by replaying or crafting fal...
Night Owl Smart Doorbell FW 安全漏洞
Night Owl Smart Doorbell FW is a smart doorbell from Night Owl USA. A security vulnerability exists in Night Owl Smart Doorbell FW version 20190505 that allows a remote user to send push notification events via an exposed PNS server...
Night Owl WDB-20-V2 访问控制错误漏洞
Night Owl WDB-20-V2 is a webcam from Night Owl UK. A security vulnerability exists in the NightOwl WDB-20-V2 WDB-20-V2 20190314 device that allows an unauthenticated user to obtain a snapshot from the doorbell camera via the snapshot URI...
Chasing doorbells: Finding IoT vulnerabilities in embedded devices
The goal of this research project was to see if we could find any vulnerabilities and obtain full persistence on an IoT device, while learning about embedded devices in general. This post will take you through our journey to find vulnerabilities in a common, reasonably priced IoT device. For our...
CVE-2018-10676
CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI...
Information disclosure
CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI...
CVE-2018-10676
CVE-2018-10676 affects CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices. A remote attacker can download a file and obtain sensitive credential information by directly requesting the download.rsp URI, exposing a likely information-disclosure vulnerability. The CVSS data i...
Authentication flaw
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin"...
CVE-2018-9995
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a “Cookie: uid=admin”...
Night Owl-Bluelight Cut Filter - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application Night Owl-Bluelight Cut Filter published at the 'play' market has multiple vulnerabilities...
Ray Sharp DVR Password Retriever
This module takes advantage of a protocol design issue with the Ray Sharp based DVR systems. It is possible to retrieve the username and password through the TCP service running on port 9000. Other brands using this platform and exposing the same issue may include Swann, Lorex, Night Owl, Zmodo,...