CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-22002

An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.1%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2020-22002

Inim » Smartliving 10100l » Version: N/A

cpe:2.3:h:inim:smartliving_10100l:-
Inim » Smartliving 10100lg3 » Version: N/A

cpe:2.3:h:inim:smartliving_10100lg3:-
Inim » Smartliving 1050 » Version: N/A

cpe:2.3:h:inim:smartliving_1050:-
Inim » Smartliving 1050g3 » Version: N/A

cpe:2.3:h:inim:smartliving_1050g3:-
Inim » Smartliving 505 » Version: N/A

cpe:2.3:h:inim:smartliving_505:-
Inim » Smartliving 515 » Version: N/A

cpe:2.3:h:inim:smartliving_515:-
Inim » Smartliving 10100l Firmware » Version: N/A

cpe:2.3:o:inim:smartliving_10100l_firmware:-
Inim » Smartliving 10100lg3 Firmware » Version: N/A

cpe:2.3:o:inim:smartliving_10100lg3_firmware:-
Inim » Smartliving 1050 Firmware » Version: N/A

cpe:2.3:o:inim:smartliving_1050_firmware:-
Inim » Smartliving 1050g3 Firmware » Version: N/A

cpe:2.3:o:inim:smartliving_1050g3_firmware:-
Inim » Smartliving 505 Firmware » Version: N/A

cpe:2.3:o:inim:smartliving_505_firmware:-
Inim » Smartliving 515 Firmware » Version: N/A

cpe:2.3:o:inim:smartliving_515_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-22002

Products

Pricing

Contact Us