← Back

Inim

inim

3 CVEs • 12 products

Products (12)

Click to collapse
Toggle
Smartliving 505 Firmware
smartliving_505_firmware
3 CVEs
Smartliving 515 Firmware
smartliving_515_firmware
3 CVEs
Smartliving 1050 Firmware
smartliving_1050_firmware
3 CVEs
Smartliving 1050g3 Firmware
smartliving_1050g3_firmware
3 CVEs
Smartliving 10100l Firmware
smartliving_10100l_firmware
3 CVEs
Smartliving 10100lg3 Firmware
smartliving_10100lg3_firmware
3 CVEs
Smartliving 505
smartliving_505
0 CVEs
Smartliving 515
smartliving_515
0 CVEs
Smartliving 1050
smartliving_1050
0 CVEs
Smartliving 1050g3
smartliving_1050g3
0 CVEs
Smartliving 10100l
smartliving_10100l
0 CVEs
Smartliving 10100lg3
smartliving_10100lg3
0 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-22002
1Inim
6Smartliving 10100l Firmware
Smartliving 10100lg3 FirmwareSmartliving 1050 Firmware+3 more
Nov 21, 2024
Apr 29, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET param...Show more
An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host.Show less
CVE-2020-21995
1Inim
6Smartliving 10100l Firmware
Smartliving 10100lg3 FirmwareSmartliving 1050 Firmware+3 more
Nov 21, 2024
Apr 29, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system.
CVE-2020-21992
1Inim
6Smartliving 10100l Firmware
Smartliving 10100lg3 FirmwareSmartliving 1050 Firmware+3 more
Nov 21, 2024
Apr 29, 2021
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail'...Show more
Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place.Show less