CVE-2019-12919 - OpenCVE

On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows anyone to view or download the video archive recorded and saved on the external memory card attached to the device.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cylan	Clever Dog Smart Camera Panorama Dog-2w Clever Dog Smart Camera Panorama Dog-2w Firmware Clever Dog Smart Camera Plus Dog-2w-v4 Clever Dog Smart Camera Plus Dog-2w-v4 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cylan:clever_dog_smart_camera_panorama_dog-2w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cylan:clever_dog_smart_camera_panorama_dog-2w:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cylan:clever_dog_smart_camera_plus_dog-2w-v4_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cylan:clever_dog_smart_camera_plus_dog-2w-v4:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.exploit-db.com/exploits/46993

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-06-20T18:57:13

Updated: 2024-08-04T23:32:55.578Z

Reserved: 2019-06-20T00:00:00

Link: CVE-2019-12919

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-06-20T19:15:10.057

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-12919

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows anyone to view or download the video archive recorded and saved on the external memory card attached to the device."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-20T18:57:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.exploit-db.com/exploits/46993"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12919", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows anyone to view or download the video archive recorded and saved on the external memory card attached to the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.exploit-db.com/exploits/46993", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/46993"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:32:55.578Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46993"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12919", "datePublished": "2019-06-20T18:57:13", "dateReserved": "2019-06-20T00:00:00", "dateUpdated": "2024-08-04T23:32:55.578Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cylan:clever_dog_smart_camera_panorama_dog-2w_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D25D56F-C8B8-42CF-B310-3B33010FCA17", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cylan:clever_dog_smart_camera_panorama_dog-2w:-:*:*:*:*:*:*:*", "matchCriteriaId": "0ECA19E7-08C4-426F-A304-6225937C57B3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cylan:clever_dog_smart_camera_plus_dog-2w-v4_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "78A2FB49-150A-4279-B0B5-71EE0C488A25", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cylan:clever_dog_smart_camera_plus_dog-2w-v4:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2667CF6-E8A4-4EFB-A13B-18437A460EC6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows anyone to view or download the video archive recorded and saved on the external memory card attached to the device."}, {"lang": "es", "value": "En los dispositivos DOG-2W y DOG-2W-V4 de la c\u00e1mara inteligente de Shenzhen Cylan Clever Dog, un atacante en la red local tiene acceso no autenticado a la tarjeta SD interna a trav\u00e9s del servicio HTTP en el puerto 8000. El servidor web HTTP de la c\u00e1mara permite que cualquiera pueda vea o descargue el archivo de video grabado y guardado en la tarjeta de memoria externa adjunta al dispositivo."}], "id": "CVE-2019-12919", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-20T19:15:10.057", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46993"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}