CVE-2020-11920

Опубликовано: 08 фев. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device's services are running as root).

Ссылки

http://seclists.org/fulldisclosure/2024/Jul/14
https://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoscope-yes-really/
Exploit
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/14
https://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoscope-yes-really/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:svakom:siime_eye_firmware:14.1.00000001.3.330.0.0.3.14:*:*:*:*:*:*:*

cpe:2.3:h:svakom:siime_eye:-:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04409

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-78px-cwj7-qf99