CVE-2020-21992 (GCVE-0-2020-21992)

Vulnerability from cvelistv5 – Published: 2021-04-29 14:04 – Updated: 2024-08-04 14:30
VLAI
Summary
Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place.
Severity
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:30:33.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Inim Electronics SmartLiving SmartLAN/G/SI \u003c=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the \u0027par\u0027 POST parameter not being sanitized when called with the \u0027testemail\u0027 module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the \u0027sh\u0027 executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-29T14:04:03.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-21992",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Inim Electronics SmartLiving SmartLAN/G/SI \u003c=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the \u0027par\u0027 POST parameter not being sanitized when called with the \u0027testemail\u0027 module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the \u0027sh\u0027 executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.php",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-21992",
    "datePublished": "2021-04-29T14:04:03.000Z",
    "dateReserved": "2020-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:30:33.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-21992",
      "date": "2026-06-07",
      "epss": "0.0325",
      "percentile": "0.87378"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-21992\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-04-29T15:15:10.443\",\"lastModified\":\"2024-11-21T05:12:58.917\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Inim Electronics SmartLiving SmartLAN/G/SI \u003c=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the \u0027par\u0027 POST parameter not being sanitized when called with the \u0027testemail\u0027 module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the \u0027sh\u0027 executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place.\"},{\"lang\":\"es\",\"value\":\"Inim Electronics SmartLiving SmartLAN/G/SI versiones anteriores a 6.x  incluy\u00e9ndola, sufre una vulnerabilidad de inyecci\u00f3n de comando remoto autenticado.\u0026#xa0;El problema se presenta debido a que el par\u00e1metro POST \\\"par\\\" no est\u00e1 siendo saneado cuando se llama con el m\u00f3dulo \\\"testemail\\\" por medio del binario web.cgi.\u0026#xa0;El binario CGI vulnerable (ejecutable ELF LSB de 32 bits, ARM) est\u00e1 llamando al ejecutable \\\"sh\\\" por medio de la funci\u00f3n system() para emitir un comando usando el servicio mailx y su par\u00e1metro de formato de cadena vulnerable que permite la inyecci\u00f3n de comandos del Sistema Operativo con privilegios root.\u0026#xa0;Un atacante puede ejecutar comandos del sistema de forma remota como usuario root usando las credenciales predeterminadas y omitir los controles de acceso en su lugar\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:inim:smartliving_505_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0\",\"matchCriteriaId\":\"1D6EB9DE-4537-4070-9AAB-197FAD04313C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:inim:smartliving_505:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30FE3762-2144-4DF6-89C1-2181E15ACCF4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:inim:smartliving_515_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0\",\"matchCriteriaId\":\"72CEA623-65E8-4F0B-87C0-615ED5C47269\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:inim:smartliving_515:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EBA5461-77FB-46E5-BFDC-F470A9A97492\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:inim:smartliving_1050_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0\",\"matchCriteriaId\":\"E9ACAF85-F4BD-4751-ACA5-0ADE339C82A3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:inim:smartliving_1050:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BB1029D-DC9C-444A-BCE3-AF1BE074A068\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:inim:smartliving_1050g3_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0\",\"matchCriteriaId\":\"945C2E70-72F7-4EF6-BFBC-CFDA43FC6DE0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:inim:smartliving_1050g3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BF688BA-60F1-4F19-8CFA-6C1EFB4D4128\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:inim:smartliving_10100l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0\",\"matchCriteriaId\":\"270CD713-574B-4A14-A002-275CD3C7EF86\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:inim:smartliving_10100l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5537E090-43C2-42B1-A793-23E765A82D6E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:inim:smartliving_10100lg3_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0\",\"matchCriteriaId\":\"E3F59BB8-E7D0-4B3A-A05F-CD78B9510DA0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:inim:smartliving_10100lg3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"108A7416-7196-49E8-9181-CE27C9F1ED11\"}]}]}],\"references\":[{\"url\":\"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.