VDB
CVE-2020-28713
CVE-2020-28713
PUBLISHED
Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The web service does not authenticate requests, and allows attackers to send an indefinite amount of motion or doorbell events to a user's mobile application by either replaying or deliberately crafting false events.
EPSS 0.65% · 71.3th percentile
Risk Scores
EPSS Score
0.65%
71.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | sma | 0, 1.4-3 |
| Ubuntu:22.04:LTS | sma | 1.4-3.1, 0 |
| Ubuntu:25.10 | sma | 0, 1.4-3.1 |
| Ubuntu:20.04:LTS | sma | 0, 1.4-3build1 |
| Ubuntu:24.04:LTS | sma | 0, 1.4-3.1 |
| Ubuntu:18.04:LTS | sma | 0, 1.4-3, 1.4-3build1 |
Exploit Intelligence
Timeline
- Jun 8, 2021 CVE Published
- Jun 9, 2021 EPSS Score
- Aug 10, 2021 EPSS Score
- Oct 10, 2021 EPSS Score
- Dec 9, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 8, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 10, 2022 EPSS Score
- Jun 10, 2022 EPSS Score
- Aug 11, 2022 EPSS Score
- Oct 11, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-28713 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-28713 third-party-advisory