[Suggested description]
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices.
A local attacker with the "default" account is capable of reading the
/etc/passwd file, which contains a weakly hashed root password.
By taking this hash and cracking it, the attacker
can obtain root rights on the device.

------------------------------------------

[Vulnerability Type]
Insecure Permissions

------------------------------------------

[Vendor of Product]
Sannce

------------------------------------------

[Affected Product Code Base]
Sannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317

------------------------------------------

[Affected Component]
Root user through file /etc/passwd

------------------------------------------

[Attack Type]
Local

------------------------------------------

[Impact Escalation of Privileges]
true

------------------------------------------

[Attack Vectors]
To exploit the vulnerability, someone must be able to get local
presence on the device. e.g. through command injection or by using the
telnet interface as a low-privileged user.

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation.

------------------------------------------

[Reference]
https://www.sannce.com

Use CVE-2019-20466.