CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-11920

An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device's services are running as root).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.044

EPSS Ranking 88.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

http://seclists.org/fulldisclosure/2024/Jul/14
https://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoscope-yes-really/
http://seclists.org/fulldisclosure/2024/Jul/14
https://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoscope-yes-really/

Products affected by CVE-2020-11920

Svakom » Siime Eye » Version: N/A

cpe:2.3:h:svakom:siime_eye:-
Svakom » Siime Eye Firmware » Version: 14.1.00000001.3.330.0.0.3.14

cpe:2.3:o:svakom:siime_eye_firmware:14.1.00000001.3.330.0.0.3.14

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11920

Products

Pricing

Contact Us