Vulnerabilities (CVE)

Filtered by vendor Svakom Subscribe
Filtered by product Siime Eye
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-11920 1 Svakom 2 Siime Eye, Siime Eye Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device's services are running as root).
CVE-2020-11915 1 Svakom 2 Siime Eye, Siime Eye Firmware 2024-11-21 4.6 MEDIUM 6.8 MEDIUM
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface on the device. The telnet interface can then be used to obtain access to the device with root privileges via a reecam4debug default password. This default telnet password is the same across all Siime Eye devices. In order for the attack to be exploited, an attacker must be physically close in order to connect to the device's Wi-Fi access point.