CVE-2019-25291

Summary

INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models.

Affected Software

VendorProductVersion RangeStatus
INIM Electronics s.r.l.Smartliving SmartLAN/G/SI<=6.0affected
INIM Electronics s.r.l.Smartliving SmartLAN/G/SI505affected
INIM Electronics s.r.l.Smartliving SmartLAN/G/SI515affected
INIM Electronics s.r.l.Smartliving SmartLAN/G/SI1050affected
INIM Electronics s.r.l.Smartliving SmartLAN/G/SI1050/G3affected
INIM Electronics s.r.l.Smartliving SmartLAN/G/SI10100Laffected
INIM Electronics s.r.l.Smartliving SmartLAN/G/SI10100L/G3affected

Weaknesses

  • CWE-798: Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References