Filtered by vendor Inim
Subscriptions
Filtered by product Smartliving Smartlan
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25289 | 1 Inim | 1 Smartliving Smartlan | 2026-01-08 | 8.8 High |
| SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root privileges using default credentials. | ||||
| CVE-2019-25290 | 1 Inim | 1 Smartliving Smartlan | 2026-01-08 | 5.3 Medium |
| Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests. | ||||
| CVE-2019-25291 | 1 Inim | 1 Smartliving Smartlan | 2026-01-08 | 7.5 High |
| INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models. | ||||
Page 1 of 1.