CVE-2019-25289

SmartLiving SmartLAN =6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system function call to execute arbitrary system commands with root...

Inim SmartLiving SmartLAN 操作系统命令注入漏洞

Inim SmartLiving SmartLAN is a series of network communication extension modules from the Italian company Inim. An operating system command injection vulnerability exists in Inim SmartLiving SmartLAN 6.x and earlier versions, which stems from an uncleared par parameter and could lead to a remote...

Inim SmartLiving SmartLAN/SI,Inim SmartLiving SmartLAN/G 信任管理问题漏洞

Inim SmartLiving SmartLAN/SI and Inim SmartLiving SmartLAN/G are both a series of network communication extension modules from Inim Italy. A trust management issue vulnerability exists in Inim SmartLiving SmartLAN/SI,Inim SmartLiving SmartLAN/G version 6.x and earlier, which stems from the presen...

CVE-2019-25289

Affected software: Inim SmartLiving SmartLAN (SmartLAN/G/SI) versions 6.x and earlier. Vulnerability: authenticated remote command injection in the web.cgi binary via an unsanitized 'par' POST parameter in the 'testemail' module, allowing execution of arbitrary system commands with root privilege...

CVE-2019-25289

SmartLiving SmartLAN =6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system function call to execute arbitrary system commands with root...

CVE-2019-25289 INIM Electronics SmartLiving SmartLAN/G/SI <=6.x Remote Command Execution

SmartLiving SmartLAN =6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system function call to execute arbitrary system commands with root...

CVE-2019-25289 INIM Electronics SmartLiving SmartLAN/G/SI <=6.x Remote Command Execution

SmartLiving SmartLAN =6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system function call to execute arbitrary system commands with root...

PT-2026-1681

Name of the Vulnerable Software and Affected Versions SmartLiving SmartLAN versions 6.x and earlier Description SmartLiving SmartLAN contains a remote command injection issue in the web.cgi binary. The issue is due to an unsanitized par POST parameter within the 'testemail' module. An attacker ca...

PT-2026-1682

Name of the Vulnerable Software and Affected Versions Smartliving SmartLAN/G/SI versions 6.x and earlier Description Smartliving SmartLAN/G/SI software is affected by an unauthenticated server-side request forgery issue. The issue resides in the GetImage functionality and is triggered through the...

EUVD-2020-14761

Malware in sbrugna...

CVE-2020-21995

Inim Electronics Smartliving SmartLAN/G/SI =6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system...

Hardcoded credentials

Inim Electronics Smartliving SmartLAN/G/SI =6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system...

Server side request forgery (ssrf)

An Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI =6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Sinc...

Command injection

Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...

CVE-2020-22002

CVE-2020-22002 – Inim Electronics SmartLiving SmartLAN/G/SI (&lt;=6.x) suffers an unauthenticated SSRF in GetImage where the application uses user-supplied GET parameter host to construct an image request via onvif.cgi without validating the value. The root cause is lack of input validation on ho...

CVE-2020-22002

An Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI =6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Sinc...

CVE-2020-21995

CVE-2020-21995 affects INIM Electronics SmartLiving SmartLAN/G/SI devices (affected &lt;= 6.x). Root cause is hard-coded credentials embedded in the Linux distribution image, enabling an attacker to access Telnet, SSH, and FTP. Affected models include SmartLiving 505, 515, 1050/1050/G3, 10100L/10...

CVE-2020-21992

Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...

CVE-2020-21992

Inim Electronics SmartLiving SmartLAN/G/SI &lt;= 6.x (ARM, 32-bit) contains an authenticated remote command injection vulnerability. The issue arises because the par POST parameter is not sanitized when the testemail module is invoked via web.cgi; the vulnerable binary uses system() to run sh to ...

Inim SmartLAN Default Credentials (HTTP)

Inim SmartLAN is using known default credentials. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:inim:smartlang"; if description...