47 matches found
CVE-2019-25291
INIM Electronics Smartliving SmartLAN/G/SI =6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving...
CVE-2019-25289
SmartLiving SmartLAN =6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system function call to execute arbitrary system commands with root...
Inim SmartLiving SmartLAN 操作系统命令注入漏洞
Inim SmartLiving SmartLAN is a series of network communication extension modules from the Italian company Inim. An operating system command injection vulnerability exists in Inim SmartLiving SmartLAN 6.x and earlier versions, which stems from an uncleared par parameter and could lead to a remote...
Inim SmartLiving SmartLAN/SI,Inim SmartLiving SmartLAN/G 信任管理问题漏洞
Inim SmartLiving SmartLAN/SI and Inim SmartLiving SmartLAN/G are both a series of network communication extension modules from Inim Italy. A trust management issue vulnerability exists in Inim SmartLiving SmartLAN/SI,Inim SmartLiving SmartLAN/G version 6.x and earlier, which stems from the presen...
Inim SmartLiving SmartLAN/SI和Inim SmartLiving SmartLAN/G 代码问题漏洞
Inim SmartLiving SmartLAN/SI and Inim SmartLiving SmartLAN/G are both a series of network communication extension modules from Inim Italy. A code issue vulnerability exists in Inim SmartLiving SmartLAN/SI and Inim SmartLiving SmartLAN/G versions 6.x and earlier, which stems from unvalidated input...
CVE-2019-25291 INIM Electronics Smartliving SmartLAN/G/SI <=6.x Hard-coded Credentials Vulnerability
INIM Electronics Smartliving SmartLAN/G/SI =6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving...
CVE-2019-25291
INIM Electronics Smartliving SmartLAN/G/SI =6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving...
CVE-2019-25291 INIM Electronics Smartliving SmartLAN/G/SI <=6.x Hard-coded Credentials Vulnerability
INIM Electronics Smartliving SmartLAN/G/SI =6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving...
CVE-2019-25290 INIM Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF via GetImage
Smartliving SmartLAN/G/SI =6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through...
CVE-2019-25289
Affected software: Inim SmartLiving SmartLAN (SmartLAN/G/SI) versions 6.x and earlier. Vulnerability: authenticated remote command injection in the web.cgi binary via an unsanitized 'par' POST parameter in the 'testemail' module, allowing execution of arbitrary system commands with root privilege...
CVE-2019-25290 INIM Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF via GetImage
Smartliving SmartLAN/G/SI =6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through...
CVE-2019-25289
SmartLiving SmartLAN =6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system function call to execute arbitrary system commands with root...
CVE-2019-25290
Smartliving SmartLAN/G/SI =6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through...
CVE-2019-25289 INIM Electronics SmartLiving SmartLAN/G/SI <=6.x Remote Command Execution
SmartLiving SmartLAN =6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system function call to execute arbitrary system commands with root...
PT-2026-1681
Name of the Vulnerable Software and Affected Versions SmartLiving SmartLAN versions 6.x and earlier Description SmartLiving SmartLAN contains a remote command injection issue in the web.cgi binary. The issue is due to an unsanitized par POST parameter within the 'testemail' module. An attacker ca...
PT-2026-1683
Name of the Vulnerable Software and Affected Versions INIM Electronics Smartliving SmartLAN/G/SI versions 6.x and earlier Description The Smartliving SmartLAN/G/SI software contains hard-coded credentials within its Linux distribution image. These credentials cannot be altered through standard...
EUVD-2020-14768
Malware in sbrugna...
EUVD-2020-14761
Malware in sbrugna...
CVE-2020-22002
An Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI =6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Sinc...
CVE-2020-21995
Inim Electronics Smartliving SmartLAN/G/SI =6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system...