[Suggested description]
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices.
The device by default has a TELNET interface available (which is not
advertised or functionally used, but is nevertheless available). Two
backdoor accounts (root and default) exist that can be used on this
interface. The usernames and passwords of the backdoor accounts are the
same on all devices. Attackers can use these backdoor accounts to
obtain access and execute code as root within the device.
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
Sannce
------------------------------------------
[Affected Product Code Base]
Sannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317
------------------------------------------
[Affected Component]
Telnet daemon
------------------------------------------
[Attack Type]
Local
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Attack Vectors]
Anyone with network access to the device can trigger this vulnerability.
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation.
------------------------------------------
[Reference]
https://www.sannce.com
Use CVE-2019-20467.