CVE-2020-21992

{"id": "CVE-2020-21992", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-04-29T15:15:10.443", "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.php", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.php", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place."}, {"lang": "es", "value": "Inim Electronics SmartLiving SmartLAN/G/SI versiones anteriores a 6.x incluy\u00e9ndola, sufre una vulnerabilidad de inyecci\u00f3n de comando remoto autenticado.&#xa0;El problema se presenta debido a que el par\u00e1metro POST \"par\" no est\u00e1 siendo saneado cuando se llama con el m\u00f3dulo \"testemail\" por medio del binario web.cgi.&#xa0;El binario CGI vulnerable (ejecutable ELF LSB de 32 bits, ARM) est\u00e1 llamando al ejecutable \"sh\" por medio de la funci\u00f3n system() para emitir un comando usando el servicio mailx y su par\u00e1metro de formato de cadena vulnerable que permite la inyecci\u00f3n de comandos del Sistema Operativo con privilegios root.&#xa0;Un atacante puede ejecutar comandos del sistema de forma remota como usuario root usando las credenciales predeterminadas y omitir los controles de acceso en su lugar"}], "lastModified": "2024-11-21T05:12:58.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:inim:smartliving_505_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D6EB9DE-4537-4070-9AAB-197FAD04313C", "versionEndIncluding": "6.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:inim:smartliving_505:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "30FE3762-2144-4DF6-89C1-2181E15ACCF4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:inim:smartliving_515_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72CEA623-65E8-4F0B-87C0-615ED5C47269", "versionEndIncluding": "6.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:inim:smartliving_515:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1EBA5461-77FB-46E5-BFDC-F470A9A97492"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:inim:smartliving_1050_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9ACAF85-F4BD-4751-ACA5-0ADE339C82A3", "versionEndIncluding": "6.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:inim:smartliving_1050:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1BB1029D-DC9C-444A-BCE3-AF1BE074A068"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:inim:smartliving_1050g3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "945C2E70-72F7-4EF6-BFBC-CFDA43FC6DE0", "versionEndIncluding": "6.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:inim:smartliving_1050g3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0BF688BA-60F1-4F19-8CFA-6C1EFB4D4128"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:inim:smartliving_10100l_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "270CD713-574B-4A14-A002-275CD3C7EF86", "versionEndIncluding": "6.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:inim:smartliving_10100l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5537E090-43C2-42B1-A793-23E765A82D6E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:inim:smartliving_10100lg3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3F59BB8-E7D0-4B3A-A05F-CD78B9510DA0", "versionEndIncluding": "6.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:inim:smartliving_10100lg3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "108A7416-7196-49E8-9181-CE27C9F1ED11"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}