Lucene search

[email protected]NVD:CVE-2020-22002

HistoryApr 29, 2021 - 3:15 p.m.

CVE-2020-22002

2021-04-2915:15:10

CWE-918

[email protected]

web.nvd.nist.gov

ssrf

vulnerability

inim electronics

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.005

Percentile

75.9%

JSON

An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter ‘host’ to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host.

Affected configurations

Nvd

Node

inimsmartliving_505_firmwareMatch-

AND

inimsmartliving_505Match-

Node

inimsmartliving_515_firmwareMatch-

AND

inimsmartliving_515Match-

Node

inimsmartliving_1050_firmwareMatch-

AND

inimsmartliving_1050Match-

Node

inimsmartliving_1050g3_firmwareMatch-

AND

inimsmartliving_1050g3Match-

Node

inimsmartliving_10100l_firmwareMatch-

AND

inimsmartliving_10100lMatch-

Node

inimsmartliving_10100lg3_firmwareMatch-

AND

inimsmartliving_10100lg3Match-

VendorProductVersionCPE
inimsmartliving_505_firmware-cpe:2.3:o:inim:smartliving_505_firmware:-:*:*:*:*:*:*:*
inimsmartliving_505-cpe:2.3:h:inim:smartliving_505:-:*:*:*:*:*:*:*
inimsmartliving_515_firmware-cpe:2.3:o:inim:smartliving_515_firmware:-:*:*:*:*:*:*:*
inimsmartliving_515-cpe:2.3:h:inim:smartliving_515:-:*:*:*:*:*:*:*
inimsmartliving_1050_firmware-cpe:2.3:o:inim:smartliving_1050_firmware:-:*:*:*:*:*:*:*
inimsmartliving_1050-cpe:2.3:h:inim:smartliving_1050:-:*:*:*:*:*:*:*
inimsmartliving_1050g3_firmware-cpe:2.3:o:inim:smartliving_1050g3_firmware:-:*:*:*:*:*:*:*
inimsmartliving_1050g3-cpe:2.3:h:inim:smartliving_1050g3:-:*:*:*:*:*:*:*
inimsmartliving_10100l_firmware-cpe:2.3:o:inim:smartliving_10100l_firmware:-:*:*:*:*:*:*:*
inimsmartliving_10100l-cpe:2.3:h:inim:smartliving_10100l:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
inim	smartliving_505_firmware	-	cpe:2.3:o:inim:smartliving_505_firmware:-:::::::*
inim	smartliving_505	-	cpe:2.3:h:inim:smartliving_505:-:::::::*
inim	smartliving_515_firmware	-	cpe:2.3:o:inim:smartliving_515_firmware:-:::::::*
inim	smartliving_515	-	cpe:2.3:h:inim:smartliving_515:-:::::::*
inim	smartliving_1050_firmware	-	cpe:2.3:o:inim:smartliving_1050_firmware:-:::::::*
inim	smartliving_1050	-	cpe:2.3:h:inim:smartliving_1050:-:::::::*
inim	smartliving_1050g3_firmware	-	cpe:2.3:o:inim:smartliving_1050g3_firmware:-:::::::*
inim	smartliving_1050g3	-	cpe:2.3:h:inim:smartliving_1050g3:-:::::::*
inim	smartliving_10100l_firmware	-	cpe:2.3:o:inim:smartliving_10100l_firmware:-:::::::*
inim	smartliving_10100l	-	cpe:2.3:h:inim:smartliving_10100l:-:::::::*

Rows per page:

1-10 of 121

References

exchange.xforce.ibmcloud.com/vulnerabilities/172839

www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.005

Percentile

75.9%

JSON

Related for NVD:CVE-2020-22002

cvelist1 zeroscience1 cve1 prion1