CVE-2021-31793

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthenticated attackers to access live snapshots and video streams from NightOwl WDB-20-V2 doorbell cameras. The device's web server on port 80 exposes a /snapshot endpoint without authentication. All users of affected NightOwl doorbell devices are impacted.

💻 Affected Systems

Products:
  • NightOwl WDB-20-V2 Doorbell
Versions: WDB-20-V2_20190314 and likely earlier versions
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the binary app web server component running on the doorbell device itself.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete surveillance compromise allowing continuous unauthorized monitoring of doorbell camera feeds, potentially enabling stalking, property surveillance, or reconnaissance for physical break-ins.

🟠 Likely Case

Unauthorized access to doorbell snapshots and video streams, compromising resident privacy and potentially revealing home occupancy patterns.

🟢 If Mitigated

Limited impact if device is behind firewall with restricted internet access, though local network access could still be exploited.

🌐 Internet-Facing: HIGH - The vulnerability is unauthenticated and affects devices directly exposed to the internet via port 80.
🏢 Internal Only: MEDIUM - Attackers on the local network can exploit this without authentication, but exploitation requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP GET request to /snapshot endpoint. Proof-of-concept code is publicly available in GitHub gists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not found

Restart Required: No

Instructions:

No official patch available. Check NightOwl website for firmware updates or contact vendor support.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate doorbell device on separate VLAN or network segment with restricted access.

Firewall Block

linux

Block inbound and outbound traffic to/from doorbell device on port 80.

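# Run on the Linux router/firewall that forwards traffic to the doorbell.
# FORWARD only sees routed traffic; hosts on the doorbell's own segment are not filtered.
iptables -A FORWARD -p tcp -d [doorbell-ip] --dport 80 -j DROP
iptables -A FORWARD -p tcp -s [doorbell-ip] --sport 80 -j DROP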

🧯 If You Can't Patch

  • Disconnect device from internet and use only on isolated local network
  • Physically disable or cover camera when not in use

🔍 How to Verify

Check if Vulnerable:

Send an HTTP GET request to http://[doorbell-ip]/snapshot. If it returns a camera snapshot without authentication, the device is vulnerable.

Check Version:

Check device web interface or mobile app for firmware version information.

Verify Fix Applied:

Same check should return authentication error or 404 after mitigation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP GET requests to /snapshot endpoint from unauthorized IPs
  • Multiple failed authentication attempts followed by /snapshot access

Network Indicators:

  • HTTP traffic to port 80 of doorbell devices from unexpected sources
  • Pattern of /snapshot requests without preceding authentication

SIEM Query:

source_ip=* dest_ip=[doorbell_ip] dest_port=80 uri_path="/snapshot"
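
The indicators above, applied to constructed proxy log lines, as an added example that is not part of the original advisory. The log format, the doorbell address 192.0.2.20 and the allowed management subnet are assumptions.

```python
import ipaddress
import re

# Assumptions (not from the advisory): proxy/firewall logs in the constructed
# format below, doorbell at 192.0.2.20, one trusted management subnet.
DOORBELL_IP = "192.0.2.20"
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.0/28")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r'method=(?P<method>\S+) uri="(?P<uri>[^"]*)" status=(?P<status>\d{3})$'
)

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
2021-05-01T10:00:01Z src=192.0.2.5 dst=192.0.2.20 dport=80 method=GET uri="/snapshot" status=200
2021-05-01T10:02:13Z src=198.51.100.7 dst=192.0.2.20 dport=80 method=GET uri="/snapshot" status=200
2021-05-01T10:02:14Z src=198.51.100.7 dst=192.0.2.20 dport=80 method=GET uri="/snapshot?x=1" status=200
2021-05-01T10:03:00Z src=203.0.113.9 dst=192.0.2.20 dport=80 method=GET uri="/index.html" status=200
2021-05-01T10:04:00Z src=203.0.113.9 dst=192.0.2.21 dport=80 method=GET uri="/snapshot" status=200
2021-05-01T10:05:00Z src=203.0.113.44 dst=192.0.2.20 dport=80 method=GET uri="/snapshot" status=404
garbage line that does not parse
"""


def is_allowed(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source is treated as unexpected
    return any(addr in net for net in ALLOWED_SOURCES)


def find_snapshot_hits(log_text):
    """Return {source_ip: {"served": n, "refused": n}} for unexpected sources."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines in other formats
        path = m["uri"].split("?", 1)[0]  # ignore any query string
        if m["dst"] != DOORBELL_IP or m["dport"] != "80" or path != "/snapshot":
            continue
        if is_allowed(m["src"]):
            continue
        # 2xx: the device served content; anything else: the request was refused.
        key = "served" if m["status"].startswith("2") else "refused"
        hits.setdefault(m["src"], {"served": 0, "refused": 0})[key] += 1
    return hits
```

A non-zero "served" count for a source outside the allowed subnet means the endpoint answered that source; "refused" counts show probing after a mitigation is in place.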
