CVE-2021-31793
Description
An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web server on port 80 that allows an unauthenticated user to take a snapshot from the doorbell camera via the /snapshot URI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- NightOwl/WDB-20-V2description
Patches
Vulnerability mechanics
Root cause
"The "app" binary exposes an undocumented /snapshot endpoint on port 80 without any authentication check."
Attack vector
An unauthenticated attacker on the same network as the doorbell can send an HTTP GET request to http://<IP>/snapshot [ref_id=1]. The web server in the "app" binary responds with a JPEG image of the current camera view without requiring any credentials or session token [ref_id=1]. The only precondition is network access to the device's port 80.
Affected code
The binary "app" on firmware WDB-20-V2_20190314 runs a web server on port 80 that exposes a /snapshot endpoint [ref_id=1]. No authentication or authorization checks are performed before the snapshot is served.
What the fix does
No patch or updated firmware has been published for this issue. The advisory [ref_id=1] does not describe any remediation from the vendor. To close the vulnerability, the /snapshot endpoint would need to require authentication, or the undocumented web server functionality should be removed entirely.
Preconditions
- networkAttacker must have network access to the doorbell device on port 80
- authNo authentication or prior access required
Reproduction
Run `curl http://<IP>/snapshot --output snapshot.jpg` from any machine with network access to the doorbell [ref_id=1]. The resulting file is a JPEG image (640x360) of the current camera view [ref_id=1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2- cloud.binary.ninja/embed/f4400a22-c438-403a-bf2a-939ca44a4f6bmitrex_refsource_MISC
- gist.github.com/tj-oconnor/16a4116050bbcb4717315f519b944f1fmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.