CVE-2019-13336
Description
The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no authentication verification via TCP port 81, because the loginuse and loginpass parameters to openlock.cgi can have arbitrary values. NOTE: the vendor's position is that this product reached end of life in 2016.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated remote attackers can unlock doors connected to dbell DB01-S Gen 1 doorbells via TCP port 81 without valid credentials.
Vulnerability
The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 exposes a GoAhead web server on TCP port 81. The endpoint /openlock.cgi accepts loginuse and loginpass parameters but does not validate them; any arbitrary values are accepted, allowing unauthenticated command execution [1]. This affects all units of the DB01-S Gen 1 model, which reached end of life in 2016.
Exploitation
An attacker with network access to the doorbell (locally on the same network or remotely if the device is exposed to the internet) can send an HTTP GET request to http://:81/openlock.cgi?loginuse=any&loginpass=any. No authentication or user interaction is required [1]. The request triggers the doorbell's relay switch, which is typically connected to an electronic door lock.
Impact
Successful exploitation causes the doorbell to announce "door is unlocked" and activates the relay, unlocking any attached door lock. This grants the attacker physical access to the premises. The vulnerability also allows arbitrary command execution via the web server, though the primary demonstrated impact is door unlocking [1].
Mitigation
No patch is available. The vendor has declared the product end-of-life since 2016 and has not released a fix [1]. Users are advised to disconnect the doorbell from the network or replace it with a supported device. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- dbell/Wi-Fi Smart Video Doorbell DB01-S Gen 1description
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- noahclements.com/Improper-Input-Validation-on-dbell-Smart-Doorbell-Can-Lead-To-Attackers-Remotely-Unlocking-Door/mitrex_refsource_MISC
- www.reddit.com/r/AskNetsec/comments/c9p22m/company_threatening_to_sue_me_if_i_publicly/mitrex_refsource_MISC
- www.youtube.com/watchmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.