CVE-2020-11915 — MEDIUM (6.8)

Vulnerability Description

An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface on the device. The telnet interface can then be used to obtain access to the device with root privileges via a reecam4debug default password. This default telnet password is the same across all Siime Eye devices. In order for the attack to be exploited, an attacker must be physically close in order to connect to the device's Wi-Fi access point.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Svakom	Siime Eye Firmware	14.1.00000001.3.330.0.0.3.14
Svakom	Siime Eye	-

Related Weaknesses (CWE)

CWE-1188

References

http://seclists.org/fulldisclosure/2024/Jul/14
https://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoExploitThird Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/14
https://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoExploitThird Party Advisory

FAQ

What is CVE-2020-11915?

CVE-2020-11915 is a vulnerability with a CVSS score of 6.8 (MEDIUM). An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface ...

How severe is CVE-2020-11915?

CVE-2020-11915 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-11915?

Check the references section above for vendor advisories and patch information. Affected products include: Svakom Siime Eye Firmware, Svakom Siime Eye.