CVE-2020-11920 — CRITICAL (9.8)

Vulnerability Description

An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device's services are running as root).

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Svakom	Siime Eye Firmware	14.1.00000001.3.330.0.0.3.14
Svakom	Siime Eye	-

Related Weaknesses (CWE)

CWE-78

References

http://seclists.org/fulldisclosure/2024/Jul/14
https://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoExploitThird Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/14
https://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoExploitThird Party Advisory

FAQ

What is CVE-2020-11920?

CVE-2020-11920 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the devi...

How severe is CVE-2020-11920?

CVE-2020-11920 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-11920?

Check the references section above for vendor advisories and patch information. Affected products include: Svakom Siime Eye Firmware, Svakom Siime Eye.