GCVE - cpe:2.3:h:inim:smartliving_10100lg3:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:inim:smartliving_10100lg3:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Inim (`28a8c60f-034f-56da-bbc7-a88dc552d437`)
Product	Smartliving 10100Lg3 (`4d64f818-7948-5608-8df2-56d8399aac01`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-22002`	not_vulnerable	2026-06-08 05:22:31.198953	Details available An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. Published: 2021-04-29T14:22:20.000Z Updated: 2024-08-04T14:30:33.702Z Open on db.gcve.eu Reference links https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php https://exchange.xforce.ibmcloud.com/vulnerabilities/172839	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-21995`	not_vulnerable	2026-06-08 05:22:31.163883	Details available Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system. Published: 2021-04-29T14:10:23.000Z Updated: 2024-08-04T14:30:33.792Z Open on db.gcve.eu Reference links https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5546.php https://www.exploit-db.com/exploits/47763	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-21992`	not_vulnerable	2026-06-08 05:22:31.156465	Details available Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place. Published: 2021-04-29T14:04:03.000Z Updated: 2024-08-04T14:30:33.668Z Open on db.gcve.eu Reference links https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.php	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.