CVE-2019-25291 INIM Electronics Smartliving SmartLAN/G/SI <=6.x Hard-coded Credentials Vulnerability

INIM Electronics Smartliving SmartLAN/G/SI =6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving...

EUVD-2020-14768

Malware in sbrugna...

EUVD-2020-14761

Malware in sbrugna...

CVE-2020-22002

An Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI =6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Sinc...

CVE-2020-21992

Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...

CVE-2020-21995

Inim Electronics Smartliving SmartLAN/G/SI =6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system...

CVE-2020-21992

Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...

CVE-2020-21995

Inim Electronics Smartliving SmartLAN/G/SI =6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system...

CVE-2020-22002

An Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI =6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Sinc...

CVE-2020-21995

Inim Electronics Smartliving SmartLAN/G/SI =6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system...

Hardcoded credentials

Inim Electronics Smartliving SmartLAN/G/SI =6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system...

Server side request forgery (ssrf)

An Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI =6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Sinc...

Command injection

Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...

CVE-2020-22002

CVE-2020-22002 – Inim Electronics SmartLiving SmartLAN/G/SI (&lt;=6.x) suffers an unauthenticated SSRF in GetImage where the application uses user-supplied GET parameter host to construct an image request via onvif.cgi without validating the value. The root cause is lack of input validation on ho...

CVE-2020-22002

An Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI =6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Sinc...

CVE-2020-21995

Inim Electronics Smartliving SmartLAN/G/SI =6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system...

CVE-2020-21995

CVE-2020-21995 affects INIM Electronics SmartLiving SmartLAN/G/SI devices (affected &lt;= 6.x). Root cause is hard-coded credentials embedded in the Linux distribution image, enabling an attacker to access Telnet, SSH, and FTP. Affected models include SmartLiving 505, 515, 1050/1050/G3, 10100L/10...

CVE-2020-21992

Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...

CVE-2020-21992

Inim Electronics SmartLiving SmartLAN/G/SI &lt;= 6.x (ARM, 32-bit) contains an authenticated remote command injection vulnerability. The issue arises because the par POST parameter is not sanitized when the testemail module is invoked via web.cgi; the vulnerable binary uses system() to run sh to ...

INIM ELECTRONICS SmartLiving System 代码问题漏洞

INIM ELECTRONICS SmartLiving System is an application of the Italian company INIM ELECTRONICS. A SmartLiving System. A security vulnerability exists in INIM ELECTRONICS SmartLiving System, which stems from a lack of validation of parameters, and can be exploited by an attacker to specify an...