An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device's services are running as root).
References
Link | Resource |
---|---|
https://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoscope-yes-really/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-08T01:43:04
Updated: 2021-02-08T01:43:04
Reserved: 2020-04-19T00:00:00
Link: CVE-2020-11920
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-02-08T02:15:12.440
Modified: 2021-02-11T20:28:49.617
Link: CVE-2020-11920
JSON object: View
Redhat Information
No data.
CWE