Description

Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place.

Related CPE's

o

inim

smartliving_505_firmware

Vulnerable

h

inim

smartliving_505

-

o

inim

smartliving_515_firmware

Vulnerable

h

inim

smartliving_515

-

o

inim

smartliving_1050_firmware

Vulnerable

h

inim

smartliving_1050

-

o

inim

smartliving_1050g3_firmware

Vulnerable

h

inim

smartliving_1050g3

-

o

inim

smartliving_10100l_firmware

Vulnerable

h

inim

smartliving_10100l

-

o

inim

smartliving_10100lg3_firmware

Vulnerable

h

inim

smartliving_10100lg3

-

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.php

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-78

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-04-29T15:15:10.443

4 years ago

Last modified

2021-05-12T15:06:28.480

4 years ago