NSIDE-SA-2024-001

Advisory: Multiple Vulnerabilities in the GNCC GC2 Indoor Security Camera

The product is affected by multiple vulnerabilities that allow an attacker with
physical access to the device to extract Wi-Fi credentials and access an
administrative shell.

Details
=======

Affected Product: GNCC GC2 Indoor Security Camera
Affected Versions: no version specified by the vendor
Vulnerability Types: Exposed UART Port Transmits Wi-Fi Credentials, Interactive Shell Login Prompt Bypass, Same Root Password on All Devices
Security Risk: MEDIUM
Vendor Status: NOT ACKNOWLEDGED
Fixed Version: none
Advisory Status: PUBLISHED
Advisory URL: https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001
Advisory URL (text only): https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001.txt
CVE IDs: CVE-2024-31798, CVE-2024-31799, and CVE-2024-31800

Introduction
============

During security research, NSIDE discovered multiple vulnerabilities in the GC2
Indoor Security Camera sold by GNCC. These vulnerabilities are of medium
severity and are only exploitable by an attacker with physical access to the
camera. NSIDE notified the vendor but did not receive [...]