Svakom: >> Svakom Siime Eye Firmware Security Vulnerabilities
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-11-07
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value, which makes it easier for remote attackers to discover the physical locations of many Siime Eye devices, violating the privacy of users who do not wish to disclose their ownership of this type of device. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.)
CVSS Score
4.3
EPSS Score
0.001
Published
2024-11-07
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file.
CVSS Score
5.4
EPSS Score
0.0
Published
2024-11-07
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection.
CVSS Score
8.0
EPSS Score
0.0
Published
2024-11-07