CVE-2020-22002

Published: Apr 29, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/172839

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-22002

Description

Affected Products

References