Fortinet Discovers DoorBot Network Configuration Leak Vulnerability
Fortinet's FortiGuard Labs has discovered a network configuration leak vulnerability in DoorBot.
The Doorbot, known as Ring now, is a connected doorbell that comes with network capabilities. It connects to a user's home Wi-Fi and allows the owner to interact with visitors via the doorbell from a smartphone, or receive mobile alerts about every ring on the doorbell. It can also be connected to existing doorbell wiring to allow answering the door using a smartphone.
The vulnerability can be attributed to the poor configuration of its GainSpan Wi-Fi module that provides an API to recover the Doorbot's network configuration in Plain Text.
SolutionsNo vendor patch so far.
This vulnerability was discovered by Ruchna Nigam of Fortinet's FortiGuard Labs.