CVE-2020-22002

EUVD-2020-14768

29.04.2021, 15:15

An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host.

SSRF

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 72%

Affected Products (NVD)

Vendor	Product	Version
inim	smartliving_505_firmware	-
inim	smartliving_515_firmware	-
inim	smartliving_1050_firmware	-
inim	smartliving_1050g3_firmware	-
inim	smartliving_10100l_firmware	-
inim	smartliving_10100lg3_firmware	-

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-918 - Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/172839

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php

https://exchange.xforce.ibmcloud.com/vulnerabilities/172839

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php