Smartliving 515 Firmware
Approved changes feed: RSS · Atom
cpe:2.3:o:inim:smartliving_515_firmware:*:*:*:*:*:*:*:*
part: o version: * update: *
| Vendor | Inim (28a8c60f-034f-56da-bbc7-a88dc552d437) |
|---|---|
| Product | Smartliving 515 Firmware (2b4c0d1e-5b16-51f6-bffb-3eea4dc4e297) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-21995 |
vulnerable | 2026-06-08 05:22:31.162979 |
Details available
Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system.
Published: 2021-04-29T14:10:23.000Z
Updated: 2024-08-04T14:30:33.792Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-21992 |
vulnerable | 2026-06-08 05:22:31.149182 |
Details available
Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place.
Published: 2021-04-29T14:04:03.000Z
Updated: 2024-08-04T14:30:33.668Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.