CVE-2020-21992

high-risk
Published 2021-04-29

Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exists because the 'par' POST parameter is not sanitized when the 'testemail' module is called through the web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) calls the 'sh' executable via the system() function to issue a command using the mailx service, and its unsanitized format-string parameter allows OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass the access controls in place.

Do I need to act?

EPSS score: ~3.7% chance of exploitation in the next 30 days (moderate exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10 High (NETWORK / LOW complexity)

Affected Products (6)

Smartliving 505 Firmware
Smartliving 515 Firmware
Smartliving 1050 Firmware
Smartliving 1050G3 Firmware
Smartliving 10100L Firmware
Smartliving 10100Lg3 Firmware

Affected Vendors

50 / 100 high-risk
Severity 30/34 · Critical
Exploitability 7/34 · Low
Exposure 13/34 · Low