CVE-2020-22002

Description

An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host.

Related CPE's

oinimsmartliving_505_firmware-*******
vulnerable
hinimsmartliving_505-*******
oinimsmartliving_515_firmware-*******
vulnerable
hinimsmartliving_515-*******
oinimsmartliving_1050_firmware-*******
vulnerable
hinimsmartliving_1050-*******
oinimsmartliving_1050g3_firmware-*******
vulnerable
hinimsmartliving_1050g3-*******
oinimsmartliving_10100l_firmware-*******
vulnerable
hinimsmartliving_10100l-*******

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/172839

Third Party AdvisoryVDB Entry

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php

ExploitThird Party Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

NONE

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

7.5

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

NONE

AvailabilityImpact

NONE

IntegrityImpact

PARTIAL

BaseScore

5

VectorString

AV:N/AC:L/Au:N/C:N/I:P/A:N

Version

2.0

AccessVector

NETWORK

Authentication

NONE