Home > Vulnerability Database > CVE-2020-28713

Mend.io Vulnerability Database

CVE-2020-28713

Date: June 8, 2021

Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The web service does not authenticate requests, and allows attackers to send an indefinite amount of motion or doorbell events to a user's mobile application by either replaying or deliberately crafting false events.

Severity Score

6.5

Related Resources (5)

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28713

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-28713

Url: https://cloud.binary.ninja/embed/26671c64-6859-48fb-b58e-af35dc982b35

Url: https://gist.github.com/tj-oconnor/dbfbef4d3b271d53fefbd24e1f0024f0

Url: https://www.mend.io/vulnerability-database/CVE-2020-28713

Severity Score

6.5

Weakness Type (CWE)

Authentication Bypass by Capture-replay

CWE-294

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	HIGH

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-28713

Date: June 8, 2021

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?