6 vulnerabilities by svakom
VAR-202407-2627
Vulnerability from variot - Updated: 2025-11-18 14:38
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection. A cross-site request forgery vulnerability exists in the firmware of Svakom's Siime Eye. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
[Additional Information] The default settings make this attack theoretical rather than practical.
A lot of interaction takes place between the application and the end user. For correct functioning, it is important to verify that requests coming from the user actually represent the user's intention. The application must therefore be able to distinguish forged requests from legitimate ones. Currently no measures against Cross-Site Request Forgery have been implemented and therefore users can be tricked into submitting requests without their knowledge or consent. From the application's point of view, these requests are legitimate requests from the user and they will be processed as such. This can result in the creation of additional (administrative) user accounts, without the user’s knowledge or consent.
In order to execute a CSRF attack, a user must be tricked into visiting an attacker-controlled page, using the same browser that is authenticated to the Siime Eye. Because the Siime Eye's own hotspot is mostly used, users are unlikely to (be able to) access such pages simultaneously.
[Vulnerability Type] Cross Site Request Forgery (CSRF)
[Vendor of Product] Svakom
[Affected Product Code Base] Siime Eye - 14.1.00000001.3.330.0.0.3.14
[Affected Component] Siime Eye, web interface
[Attack Type] Context-dependent
[Impact Escalation of Privileges] true
[CVE Impact Other] Full device compromise.
[Reference] N/A
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Willem Westerhof, Jasper Nota, Edwin Gozeling from Qbit in assignment of the Consumentenbond. Use CVE-2020-11919
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202407-2627",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siime eye",
"scope": "eq",
"trust": 1.0,
"vendor": "svakom",
"version": "14.1.00000001.3.330.0.0.3.14"
},
{
"model": "siime eye",
"scope": null,
"trust": 0.8,
"vendor": "svakom",
"version": null
},
{
"model": "siime eye",
"scope": "eq",
"trust": 0.8,
"vendor": "svakom",
"version": "siime eye firmware 14.1.00000001.3.330.0.0.3.14"
},
{
"model": "siime eye",
"scope": "eq",
"trust": 0.8,
"vendor": "svakom",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018371"
},
{
"db": "NVD",
"id": "CVE-2020-11919"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Willem Westerhof | Secura",
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.1
},
"cve": "CVE-2020-11919",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2020-11919",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-018371",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-11919",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2020-018371",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018371"
},
{
"db": "NVD",
"id": "CVE-2020-11919"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection. Svakom of Siime Eye A cross-site request forgery vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \n\n------------------------------------------\n\n[Additional Information]\nThe default settings make this attack theoretical rather than practical. \n\n\nA lot of interaction takes place between the application and the end\nuser. For correct functioning, it is important to verify that requests\ncoming from the user actually represent the user\u0027s intention. The\napplication must therefore be able to distinguish forged requests from\nlegitimate ones. Currently no measures against Cross-Site Request\nForgery have been implemented and therefore users can be tricked into\nsubmitting requests without their knowledge or consent. From the\napplication\u0027s point of view, these requests are legitimate requests\nfrom the user and they will be processed as such. This can result in\nthe creation of additional (administrative) user accounts, without the\nuser\u2019s knowledge or consent. \n\nIn order to execute a CSRF attack, a user must be tricked into visiting\nan attacker controlled page, using the same browser that is\nauthenticated to the Siime Eye. As mostly the Hotspot from Siime Eye\nwill be used, users are unlikely to (be able to) access such pages\nsimultaneously. 
\n\n------------------------------------------\n\n[Vulnerability Type]\nCross Site Request Forgery (CSRF)\n\n------------------------------------------\n\n[Vendor of Product]\nSvakom\n\n------------------------------------------\n\n[Affected Product Code Base]\nSiime Eye - 14.1.00000001.3.330.0.0.3.14\n\n------------------------------------------\n\n[Affected Component]\nSiime Eye, web interface\n\n------------------------------------------\n\n[Attack Type]\nContext-dependent\n\n------------------------------------------\n\n[Impact Escalation of Privileges]\ntrue\n\n------------------------------------------\n\n[CVE Impact Other]\nFull device compromise. \n\n------------------------------------------\n\n[Reference]\nN/A\n\n------------------------------------------\n\n[Has vendor confirmed or acknowledged the vulnerability?]\ntrue\n\n------------------------------------------\n\n[Discoverer]\nWillem Westerhof, Jasper Nota, Edwin Gozeling from Qbit in assignment of the Consumentenbond. \nUse CVE-2020-11919",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11919"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018371"
},
{
"db": "PACKETSTORM",
"id": "179798"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11919",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018371",
"trust": 0.8
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179798",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "PACKETSTORM",
"id": "179798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018371"
},
{
"db": "NVD",
"id": "CVE-2020-11919"
}
]
},
"id": "VAR-202407-2627",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"last_update_date": "2025-11-18T14:38:22.963000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
},
{
"problemtype": "Cross-site request forgery (CWE-352) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018371"
},
{
"db": "NVD",
"id": "CVE-2020-11919"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://seclists.org/fulldisclosure/2024/jul/14"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11919"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "179798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018371"
},
{
"db": "NVD",
"id": "CVE-2020-11919"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "PACKETSTORM",
"id": "179798"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018371"
},
{
"db": "NVD",
"id": "CVE-2020-11919"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-26T13:11:06",
"db": "OTHER",
"id": null
},
{
"date": "2024-07-30T12:35:43",
"db": "PACKETSTORM",
"id": "179798"
},
{
"date": "2025-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-018371"
},
{
"date": "2024-11-07T18:15:15.517000",
"db": "NVD",
"id": "CVE-2020-11919"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-04-25T01:41:00",
"db": "JVNDB",
"id": "JVNDB-2020-018371"
},
{
"date": "2025-11-04T18:15:38.760000",
"db": "NVD",
"id": "CVE-2020-11919"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Svakom\u00a0 of \u00a0Siime\u00a0Eye\u00a0 Cross-site request forgery vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018371"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "csrf",
"sources": [
{
"db": "PACKETSTORM",
"id": "179798"
}
],
"trust": 0.1
}
}
VAR-202407-2514
Vulnerability from variot - Updated: 2025-11-18 13:18
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value, which makes it easier for remote attackers to discover the physical locations of many Siime Eye devices, violating the privacy of users who do not wish to disclose their ownership of this type of device. (Various resources such as wigle.net can be used for mapping of SSIDs to physical locations.) The firmware of Svakom's Siime Eye contains a vulnerability in which resources are initialized to insecure default values. Information may be obtained. As the device is turned on only for limited periods, fewer devices are detected via Wigle than one might expect. Using this site, it is possible to filter on specific SSIDs. When a filter is applied to find the default SSID of the Siime Eye, it is possible to find several devices across the globe. The map shown on Wigle shows an approximate physical location for the device and hence makes physical or physical proximity attacks more likely.
In addition it violates the user's privacy as everyone on the internet is capable of detecting where the devices are being used.
[VulnerabilityType Other] Information disclosure
[Vendor of Product] Svakom
[Affected Product Code Base] Siime Eye - 14.1.00000001.3.330.0.0.3.14
[Affected Component] Siime Eye Wi-Fi access point
[Attack Type] Context-dependent
[Impact Information Disclosure] true
[Attack Vectors] In order to exploit this issue an attacker needs to simply search for the Siime Eye SSID on wigle.net
[Reference] https://wigle.net N/A
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Willem Westerhof, Jasper Nota, Edwin Gozeling from Qbit cyber security in assignment of the Consumentenbond. Use CVE-2020-11917
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202407-2514",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siime eye",
"scope": "eq",
"trust": 1.0,
"vendor": "svakom",
"version": "14.1.00000001.3.330.0.0.3.14"
},
{
"model": "siime eye",
"scope": null,
"trust": 0.8,
"vendor": "svakom",
"version": null
},
{
"model": "siime eye",
"scope": "eq",
"trust": 0.8,
"vendor": "svakom",
"version": "siime eye firmware 14.1.00000001.3.330.0.0.3.14"
},
{
"model": "siime eye",
"scope": "eq",
"trust": 0.8,
"vendor": "svakom",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018373"
},
{
"db": "NVD",
"id": "CVE-2020-11917"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Willem Westerhof | Secura",
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.1
},
"cve": "CVE-2020-11917",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-11917",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-018373",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-11917",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2020-018373",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018373"
},
{
"db": "NVD",
"id": "CVE-2020-11917"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value, which makes it easier for remote attackers to discover the physical locations of many Siime Eye devices, violating the privacy of users who do not wish to disclose their ownership of this type of device. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.). Svakom of Siime Eye The firmware contains a vulnerability in initializing resources to insecure default values.Information may be obtained. As the device is turned on for limited times less devices are detected via Wigle then one might expect. Using this\nsite, it is possible to filter on specific SSIDs. When a filter is\napplied to find the default SSID of the Siime Eye, it is possible to\nfind several devices across the globe. The map shown on wigle shows an\napproximate physical location for the device and hence makes physical\nor physical proximity attacks more likely. \n\nIn addition it violates the user\u0027s privacy as everyone on the internet\nis capable of detecting where the devices are being used. 
\n\n------------------------------------------\n\n[VulnerabilityType Other]\nInformation disclosure\n\n------------------------------------------\n\n[Vendor of Product]\nSvakom\n\n------------------------------------------\n\n[Affected Product Code Base]\nSiime Eye - 14.1.00000001.3.330.0.0.3.14\n\n------------------------------------------\n\n[Affected Component]\nSiime Eye Wi-Fi access point\n\n------------------------------------------\n\n[Attack Type]\nContext-dependent\n\n------------------------------------------\n\n[Impact Information Disclosure]\ntrue\n\n------------------------------------------\n\n[Attack Vectors]\nIn order to exploit this issue an attacker needs to simply search for the Siime Eye SSID on wigle.net\n\n------------------------------------------\n\n[Reference]\nhttps://wigle.net\nN/A\n\n------------------------------------------\n\n[Has vendor confirmed or acknowledged the vulnerability?]\ntrue\n\n------------------------------------------\n\n[Discoverer]\nWillem Westerhof, Jasper Nota, Edwin gozeling from Qbit cyber security in assignment of the Consumentenbond. \nUse CVE-2020-11917",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11917"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018373"
},
{
"db": "PACKETSTORM",
"id": "179796"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11917",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018373",
"trust": 0.8
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179796",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "PACKETSTORM",
"id": "179796"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018373"
},
{
"db": "NVD",
"id": "CVE-2020-11917"
}
]
},
"id": "VAR-202407-2514",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"last_update_date": "2025-11-18T13:18:25.296000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1188",
"trust": 1.0
},
{
"problemtype": "Initializing Resources to Unsafe Default Values (CWE-1188) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018373"
},
{
"db": "NVD",
"id": "CVE-2020-11917"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://seclists.org/fulldisclosure/2024/jul/14"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11917"
},
{
"trust": 0.1,
"url": "https://wigle.net"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "179796"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018373"
},
{
"db": "NVD",
"id": "CVE-2020-11917"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "PACKETSTORM",
"id": "179796"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018373"
},
{
"db": "NVD",
"id": "CVE-2020-11917"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-26T13:11:06",
"db": "OTHER",
"id": null
},
{
"date": "2024-07-30T12:35:43",
"db": "PACKETSTORM",
"id": "179796"
},
{
"date": "2025-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-018373"
},
{
"date": "2024-11-07T18:15:15.370000",
"db": "NVD",
"id": "CVE-2020-11917"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-04-25T05:10:00",
"db": "JVNDB",
"id": "JVNDB-2020-018373"
},
{
"date": "2025-11-04T18:15:38.437000",
"db": "NVD",
"id": "CVE-2020-11917"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "179796"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Svakom\u00a0 of \u00a0Siime\u00a0Eye\u00a0 Vulnerability in firmware where resources are initialized to insecure default values",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018373"
}
],
"trust": 0.8
}
}
VAR-202407-2661
Vulnerability from variot - Updated: 2025-11-18 12:20
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased. A vulnerability regarding the use of cryptographic algorithms exists in the firmware of Svakom's Siime Eye. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
[Vulnerability Type] Incorrect Access Control
[Vendor of Product] Svakom
[Affected Product Code Base] Siime Eye - 14.1.00000001.3.330.0.0.3.14
[Affected Component] Siime Eye linux password hashes
[Attack Type] Context-dependent
[Impact Information Disclosure] true
[Attack Vectors] The hash can be obtained using various techniques (e.g. through command injection).
[Reference] N/A
[Discoverer] Willem Westerhof, Jasper Nota, Edwin Gozeling from Qbit in assignment of the Consumentenbond. Use CVE-2020-11916
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202407-2661",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siime eye",
"scope": "eq",
"trust": 1.0,
"vendor": "svakom",
"version": "14.1.00000001.3.330.0.0.3.14"
},
{
"model": "siime eye",
"scope": null,
"trust": 0.8,
"vendor": "svakom",
"version": null
},
{
"model": "siime eye",
"scope": "eq",
"trust": 0.8,
"vendor": "svakom",
"version": "siime eye firmware 14.1.00000001.3.330.0.0.3.14"
},
{
"model": "siime eye",
"scope": "eq",
"trust": 0.8,
"vendor": "svakom",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018374"
},
{
"db": "NVD",
"id": "CVE-2020-11916"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Willem Westerhof | Secura",
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.1
},
"cve": "CVE-2020-11916",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-11916",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-018374",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-11916",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2020-018374",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018374"
},
{
"db": "NVD",
"id": "CVE-2020-11916"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased. Svakom of Siime Eye A vulnerability exists in the firmware regarding the use of cryptographic algorithms.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \n\n------------------------------------------\n\n[Vulnerability Type]\nIncorrect Access Control\n\n------------------------------------------\n\n[Vendor of Product]\nSvakom\n\n------------------------------------------\n\n[Affected Product Code Base]\nSiime Eye - 14.1.00000001.3.330.0.0.3.14\n\n------------------------------------------\n\n[Affected Component]\nSiime Eye linux password hashes\n\n------------------------------------------\n\n[Attack Type]\nContext-dependent\n\n------------------------------------------\n\n[Impact Information Disclosure]\ntrue\n\n------------------------------------------\n\n[Attack Vectors]\nThe hash can be obtained using various techniques (e.g.) through command injection. \n\n------------------------------------------\n\n[Reference]\nN/A\n\n------------------------------------------\n\n[Discoverer]\nWillem Westerhof, Jasper Nota, Edwin Gozeling from Qbit in assignment of the Consumentenbond. \nUse CVE-2020-11916",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11916"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018374"
},
{
"db": "PACKETSTORM",
"id": "179795"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11916",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018374",
"trust": 0.8
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179795",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "PACKETSTORM",
"id": "179795"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018374"
},
{
"db": "NVD",
"id": "CVE-2020-11916"
}
]
},
"id": "VAR-202407-2661",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"last_update_date": "2025-11-18T12:20:47.248000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.0
},
{
"problemtype": "Use of incomplete or dangerous cryptographic algorithms (CWE-327) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018374"
},
{
"db": "NVD",
"id": "CVE-2020-11916"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://seclists.org/fulldisclosure/2024/jul/14"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11916"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "179795"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018374"
},
{
"db": "NVD",
"id": "CVE-2020-11916"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "PACKETSTORM",
"id": "179795"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018374"
},
{
"db": "NVD",
"id": "CVE-2020-11916"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-26T13:11:06",
"db": "OTHER",
"id": null
},
{
"date": "2024-07-30T12:35:43",
"db": "PACKETSTORM",
"id": "179795"
},
{
"date": "2025-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-018374"
},
{
"date": "2024-11-07T18:15:15.310000",
"db": "NVD",
"id": "CVE-2020-11916"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-04-25T05:33:00",
"db": "JVNDB",
"id": "JVNDB-2020-018374"
},
{
"date": "2025-11-04T18:15:38.280000",
"db": "NVD",
"id": "CVE-2020-11916"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Svakom\u00a0 of \u00a0Siime\u00a0Eye\u00a0 Vulnerabilities related to the use of cryptographic algorithms in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018374"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "root",
"sources": [
{
"db": "PACKETSTORM",
"id": "179795"
}
],
"trust": 0.1
}
}
VAR-202407-2555
Vulnerability from variot - Updated: 2025-11-18 12:20
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file. The Svakom Siime Eye firmware contains a vulnerability related to plaintext storage of sensitive information. Information may be obtained and information may be tampered with.
[Vulnerability Type] Incorrect Access Control
[Vendor of Product] Svakom
[Affected Product Code Base] Siime Eye - 14.1.00000001.3.330.0.0.3.14
[Affected Component] Siime Eye
[Attack Type] Context-dependent
[Impact Information Disclosure] true
[Attack Vectors] A backup file must be found or created by an attacker in order to exploit this vulnerability.
[Reference] N/A
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Willem Westerhof, Jasper Nota, Edwin Gozeling from Qbit in assignment of the Consumentenbond Use CVE-2020-11918
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202407-2555",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siime eye",
"scope": "eq",
"trust": 1.0,
"vendor": "svakom",
"version": "14.1.00000001.3.330.0.0.3.14"
},
{
"model": "siime eye",
"scope": null,
"trust": 0.8,
"vendor": "svakom",
"version": null
},
{
"model": "siime eye",
"scope": "eq",
"trust": 0.8,
"vendor": "svakom",
"version": "siime eye firmware 14.1.00000001.3.330.0.0.3.14"
},
{
"model": "siime eye",
"scope": "eq",
"trust": 0.8,
"vendor": "svakom",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"db": "NVD",
"id": "CVE-2020-11918"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Willem Westerhof | Secura",
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.1
},
"cve": "CVE-2020-11918",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-11918",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-018372",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-11918",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2020-018372",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"db": "NVD",
"id": "CVE-2020-11918"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file. Svakom of Siime Eye The firmware contains a vulnerability related to plaintext storage of sensitive information.Information may be obtained and information may be tampered with. \n\n------------------------------------------\n\n[Vulnerability Type]\nIncorrect Access Control\n\n------------------------------------------\n\n[Vendor of Product]\nSvakom\n\n------------------------------------------\n\n[Affected Product Code Base]\nSiime Eye - 14.1.00000001.3.330.0.0.3.14\n\n------------------------------------------\n\n[Affected Component]\nSiime Eye\n\n------------------------------------------\n\n[Attack Type]\nContext-dependent\n\n------------------------------------------\n\n[Impact Information Disclosure]\ntrue\n\n------------------------------------------\n\n[Attack Vectors]\nA backup file must be found or created by an attacker in order to exploit this vulnerability. \n\n------------------------------------------\n\n[Reference]\nN/A\n\n------------------------------------------\n\n[Has vendor confirmed or acknowledged the vulnerability?]\ntrue\n\n------------------------------------------\n\n[Discoverer]\nWillem Westerhof, Jasper Nota, Edwin Gozeling from Qbit in assignment of the Consumentenbond\nUse CVE-2020-11918",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11918"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"db": "PACKETSTORM",
"id": "179797"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11918",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018372",
"trust": 0.8
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179797",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "PACKETSTORM",
"id": "179797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"db": "NVD",
"id": "CVE-2020-11918"
}
]
},
"id": "VAR-202407-2555",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"last_update_date": "2025-11-18T12:20:33.843000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"db": "NVD",
"id": "CVE-2020-11918"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://seclists.org/fulldisclosure/2024/jul/14"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11918"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "179797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"db": "NVD",
"id": "CVE-2020-11918"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "PACKETSTORM",
"id": "179797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"db": "NVD",
"id": "CVE-2020-11918"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-26T13:11:06",
"db": "OTHER",
"id": null
},
{
"date": "2024-07-30T12:35:43",
"db": "PACKETSTORM",
"id": "179797"
},
{
"date": "2025-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"date": "2024-11-07T18:15:15.450000",
"db": "NVD",
"id": "CVE-2020-11918"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-04-25T03:09:00",
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"date": "2025-11-04T18:15:38.600000",
"db": "NVD",
"id": "CVE-2020-11918"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Svakom\u00a0 of \u00a0Siime\u00a0Eye\u00a0 Vulnerability related to plaintext storage of important information in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018372"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "info disclosure",
"sources": [
{
"db": "PACKETSTORM",
"id": "179797"
}
],
"trust": 0.1
}
}
VAR-202102-0065
Vulnerability from variot - Updated: 2025-01-30 21:13
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. When Bash commands are injected via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device's services are running as root). Svakom Siime Eye has an OS command injection vulnerability. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state.
[Vulnerability Type] Incorrect Access Control
[Vendor of Product] Svakom
[Affected Product Code Base] Siime eye - 14.1.00000001.3.330.0.0.3.14
[Affected Component] Siime Eye, web interface
[Attack Type] Context-dependent
[Impact Code execution] true
[Attack Vectors] An attacker needs to be connected to the device's access point and have access to the admin panel (e.g. through sniffing or brute-forcing the credentials).
[Reference] https://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoscope-yes-really/ N/A
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Willem Westerhof, Jasper Nota, Edwin Gozeling from Qbit cyber security in assignment for the Consumentenbond. In addition, Pentest Partners discovered this as well but did not request CVEs. Use CVE-2020-11920
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0065",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siime eye",
"scope": "eq",
"trust": 1.0,
"vendor": "svakom",
"version": "14.1.00000001.3.330.0.0.3.14"
},
{
"model": "siime eye",
"scope": "eq",
"trust": 0.8,
"vendor": "svakom",
"version": "siime eye firmware 14.1.00000001.3.330.0.0.3.14"
},
{
"model": "siime eye",
"scope": "eq",
"trust": 0.8,
"vendor": "svakom",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015936"
},
{
"db": "NVD",
"id": "CVE-2020-11920"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Willem Westerhof | Secura",
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.1
},
"cve": "CVE-2020-11920",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-11920",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-11920",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-11920",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11920",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-11920",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-576",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-11920",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11920"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015936"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-576"
},
{
"db": "NVD",
"id": "CVE-2020-11920"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device\u0027s services are running as root). Svakom Siime Eye Has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. \n\n------------------------------------------\n\n[Vulnerability Type]\nIncorrect Access Control\n\n------------------------------------------\n\n[Vendor of Product]\nSvakom\n\n------------------------------------------\n\n[Affected Product Code Base]\nSiime eye - 14.1.00000001.3.330.0.0.3.14\n\n------------------------------------------\n\n[Affected Component]\nSiime Eye, web interface\n\n------------------------------------------\n\n[Attack Type]\nContext-dependent\n\n------------------------------------------\n\n[Impact Code execution]\ntrue\n\n------------------------------------------\n\n[Attack Vectors]\nAn attacker needs to be connected to the device\u0027s access point and have access to the admin panel (e.g through sniffing or bruteforcing the credentials)\n\n------------------------------------------\n\n[Reference]\nhttps://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoscope-yes-really/\nN/A\n\n------------------------------------------\n\n[Has vendor confirmed or acknowledged the vulnerability?]\ntrue\n\n------------------------------------------\n\n[Discoverer]\nWillem Westerhof, Jasper Nota, Edwin Gozeling from Qbit cyber security in assignment for the Consumentenbond In addition, Pentest partners discovered this as well but did not request CVE\u0027s. \nUse CVE-2020-11920",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11920"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015936"
},
{
"db": "VULMON",
"id": "CVE-2020-11920"
},
{
"db": "PACKETSTORM",
"id": "179799"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11920",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015936",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202102-576",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-11920",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179799",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2020-11920"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015936"
},
{
"db": "PACKETSTORM",
"id": "179799"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-576"
},
{
"db": "NVD",
"id": "CVE-2020-11920"
}
]
},
"id": "VAR-202102-0065",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"last_update_date": "2025-01-30T21:13:44.436000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SVAKOM",
"trust": 0.8,
"url": "https://apps.apple.com/us/app/svakom/id1341586864"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015936"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015936"
},
{
"db": "NVD",
"id": "CVE-2020-11920"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoscope-yes-really/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11920"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2024/jul/14"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11920"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015936"
},
{
"db": "PACKETSTORM",
"id": "179799"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-576"
},
{
"db": "NVD",
"id": "CVE-2020-11920"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2020-11920"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015936"
},
{
"db": "PACKETSTORM",
"id": "179799"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-576"
},
{
"db": "NVD",
"id": "CVE-2020-11920"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-26T13:11:06",
"db": "OTHER",
"id": null
},
{
"date": "2021-02-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11920"
},
{
"date": "2021-10-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015936"
},
{
"date": "2024-07-30T12:35:43",
"db": "PACKETSTORM",
"id": "179799"
},
{
"date": "2021-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-576"
},
{
"date": "2021-02-08T02:15:12.440000",
"db": "NVD",
"id": "CVE-2020-11920"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11920"
},
{
"date": "2021-10-25T08:31:00",
"db": "JVNDB",
"id": "JVNDB-2020-015936"
},
{
"date": "2022-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-576"
},
{
"date": "2024-11-21T04:58:54.423000",
"db": "NVD",
"id": "CVE-2020-11920"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-576"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Svakom\u00a0Siime\u00a0Eye\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015936"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-576"
}
],
"trust": 0.6
}
}
VAR-202102-0064
Vulnerability from variot - Updated: 2025-01-30 19:51
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface on the device. The telnet interface can then be used to obtain access to the device with root privileges via a reecam4debug default password. This default telnet password is the same across all Siime Eye devices. For the vulnerability to be exploited, an attacker must be physically close enough to connect to the device's Wi-Fi access point. Svakom Siime Eye contains a vulnerability in the initialization of resources to insecure default values. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state.
[Additional Information] The vulnerability was first discovered by Pentest Partners, later on it was also discovered by Qbit as the issues remain unaddressed by the vendor.
The default telnet password is the same across all Siime Eye devices and possibly even across all devices created by this developer.
[Vulnerability Type] Incorrect Access Control
[Vendor of Product] Svakom
[Affected Product Code Base] Siime Eye - 14.1.00000001.3.330.0.0.3.14
[Affected Component] Siime Eye device
[Attack Type] Physical
[Impact Code execution] true
[Attack Vectors] An attacker must first obtain access to the Wi-Fi access point of the device, after which the exploit can be done using simple network commands.
[Reference] https://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoscope-yes-really/ N/A
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Willem Westerhof, Jasper Nota, Edwin Gozeling from Qbit during an assignment for the Consumentenbond. Unknown personnel at pentest partners who did not request a CVE back then. Use CVE-2020-11915
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0064",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siime eye",
"scope": "eq",
"trust": 1.0,
"vendor": "svakom",
"version": "14.1.00000001.3.330.0.0.3.14"
},
{
"model": "siime eye",
"scope": "eq",
"trust": 0.8,
"vendor": "svakom",
"version": null
},
{
"model": "siime eye",
"scope": "eq",
"trust": 0.8,
"vendor": "svakom",
"version": "siime eye firmware 14.1.00000001.3.330.0.0.3.14"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015971"
},
{
"db": "NVD",
"id": "CVE-2020-11915"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Willem Westerhof | Secura",
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.1
},
"cve": "CVE-2020-11915",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-11915",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2020-11915",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-11915",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11915",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-11915",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-11915",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-577",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015971"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-577"
},
{
"db": "NVD",
"id": "CVE-2020-11915"
},
{
"db": "NVD",
"id": "CVE-2020-11915"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1\u0026save=1\u0026reboot=1 request to the webserver, it is possible to enable the telnet interface on the device. The telnet interface can then be used to obtain access to the device with root privileges via a reecam4debug default password. This default telnet password is the same across all Siime Eye devices. In order for the attack to be exploited, an attacker must be physically close in order to connect to the device\u0027s Wi-Fi access point. Svakom Siime Eye contains a vulnerability in the initialization of resources to insecure default values. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. \n\n------------------------------------------\n\n[Additional Information]\nThe vulnerability was first discovered by Pentest Partners, later on it was also discovered by Qbit as the issues remain unaddressed by the vendor. \n\ndefault telnet password is the same across all\nSiime Eye devices and possibly even across all devices created by this\ndeveloper\n\n------------------------------------------\n\n[Vulnerability Type]\nIncorrect Access Control\n\n------------------------------------------\n\n[Vendor of Product]\nSvakom\n\n------------------------------------------\n\n[Affected Product Code Base]\nSiime Eye - 14.1.00000001.3.330.0.0.3.14\n\n------------------------------------------\n\n[Affected Component]\nSiime Eye device\n\n------------------------------------------\n\n[Attack Type]\nPhysical\n\n------------------------------------------\n\n[Impact Code execution]\ntrue\n\n------------------------------------------\n\n[Attack Vectors]\nAn attacker must first obtain access to the Wi-Fi access point of the device, after which the exploit can be done using simple network commands. \n\n------------------------------------------\n\n[Reference]\nhttps://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoscope-yes-really/\nN/A\n\n------------------------------------------\n\n[Has vendor confirmed or acknowledged the vulnerability?]\ntrue\n\n------------------------------------------\n\n[Discoverer]\nWillem Westerhof, Jasper Nota, Edwin Gozeling from Qbit during an assignment for the Consumentenbond. Unknown personnel at pentest partners who did not request a CVE back then. \nUse CVE-2020-11915",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11915"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015971"
},
{
"db": "PACKETSTORM",
"id": "179794"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11915",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015971",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202102-577",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179794",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015971"
},
{
"db": "PACKETSTORM",
"id": "179794"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-577"
},
{
"db": "NVD",
"id": "CVE-2020-11915"
}
]
},
"id": "VAR-202102-0064",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"last_update_date": "2025-01-30T19:51:38.182000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SIIME\u00a0EYE",
"trust": 0.8,
"url": "https://www.svakom.net/Siime-Eye"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015971"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1188",
"trust": 1.0
},
{
"problemtype": "Initializing resources to unsafe default values (CWE-1188) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015971"
},
{
"db": "NVD",
"id": "CVE-2020-11915"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoscope-yes-really/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11915"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2024/jul/14"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015971"
},
{
"db": "PACKETSTORM",
"id": "179794"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-577"
},
{
"db": "NVD",
"id": "CVE-2020-11915"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015971"
},
{
"db": "PACKETSTORM",
"id": "179794"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-577"
},
{
"db": "NVD",
"id": "CVE-2020-11915"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-26T13:11:06",
"db": "OTHER",
"id": null
},
{
"date": "2021-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015971"
},
{
"date": "2024-07-30T12:35:43",
"db": "PACKETSTORM",
"id": "179794"
},
{
"date": "2021-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-577"
},
{
"date": "2021-02-08T02:15:12.083000",
"db": "NVD",
"id": "CVE-2020-11915"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-27T08:43:00",
"db": "JVNDB",
"id": "JVNDB-2020-015971"
},
{
"date": "2021-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-577"
},
{
"date": "2024-11-21T04:58:53.687000",
"db": "NVD",
"id": "CVE-2020-11915"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-577"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in initializing resources to unsafe default values in Svakom\u00a0Siime\u00a0Eye",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015971"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-577"
}
],
"trust": 0.6
}
}