CVE-2020-22002
N/A
N/A
Summary
An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/172839
References
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/172839
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.