HIGH · 7.5

CVE-2020-22002

Vulnerability Description

An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user-supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host.
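For detection, the following added example (not code from the vendor or from this advisory) scans web access logs for onvif.cgi requests whose 'host' parameter is not a known camera address. The combined log format, the /onvif.cgi path, the addresses and the function names are assumptions, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client address and request target of a common/combined-format log line (assumed format).
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

def target_host(value):
    """Reduce a 'host' parameter value to the bare hostname it points at."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # make urlsplit treat the value as a network location
    try:
        return (urlsplit(value).hostname or "").lower()
    except ValueError:  # e.g. malformed bracketed IPv6 literal
        return ""

def find_ssrf_attempts(log_lines, allowed_hosts):
    """Return (client, requested_host) for every onvif.cgi request whose
    'host' parameter is outside the allowlist of camera addresses."""
    allowed = {h.lower() for h in allowed_hosts}
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, url = m.groups()
        parts = urlsplit(url)
        if not parts.path.lower().endswith("onvif.cgi"):
            continue
        # parse_qs percent-decodes values, so encoded hosts are normalised too.
        for raw in parse_qs(parts.query, keep_blank_values=True).get("host", []):
            host = target_host(raw)
            if host not in allowed:
                hits.append((client, host or raw))
    return hits

# Constructed sample log lines; the path and all addresses are illustrative.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /onvif.cgi?host=192.168.1.20%3A80 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /onvif.cgi?host=attacker.example HTTP/1.1" 200 0',
    '203.0.113.9 - - [01/Jan/2024:10:01:05 +0000] "GET /onvif.cgi?host=attacker.example%3A8080 HTTP/1.1" 200 0',
    '10.0.0.5 - - [01/Jan/2024:10:02:00 +0000] "GET /index.html?host=attacker.example HTTP/1.1" 200 312',
]

if __name__ == "__main__":
    for client, host in find_ssrf_attempts(SAMPLE_LOG, ["192.168.1.20"]):
        print(f"possible SSRF via onvif.cgi: client={client} host={host}")
```

The same allowlist comparison is the kind of check the description says is missing on the 'host' parameter; on a device that cannot be updated, it can be enforced at a reverse proxy in front of the panel.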

CVSS Score

7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: HIGH
Availability: NONE

Affected Products

Vendor  Product                         Versions
Inim    Smartliving 505 Firmware        -
Inim    Smartliving 505                 -
Inim    Smartliving 515 Firmware        -
Inim    Smartliving 515                 -
Inim    Smartliving 1050 Firmware       -
Inim    Smartliving 1050                -
Inim    Smartliving 1050G3 Firmware     -
Inim    Smartliving 1050G3              -
Inim    Smartliving 10100L Firmware     -
Inim    Smartliving 10100L              -
Inim    Smartliving 10100Lg3 Firmware   -
Inim    Smartliving 10100Lg3            -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-22002?

CVE-2020-22002 is a vulnerability with a CVSS score of 7.5 (HIGH). An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied d...

How severe is CVE-2020-22002?

CVE-2020-22002 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2020-22002?

Check the references section above for vendor advisories and patch information. Affected products include: Inim Smartliving 505 Firmware, Inim Smartliving 505, Inim Smartliving 515 Firmware, Inim Smartliving 515, Inim Smartliving 1050 Firmware.