VAR-202407-2555
Vulnerability from variot - Updated: 2025-11-18 12:20An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file. Svakom of Siime Eye The firmware contains a vulnerability related to plaintext storage of sensitive information.Information may be obtained and information may be tampered with.
[Vulnerability Type] Incorrect Access Control
[Vendor of Product] Svakom
[Affected Product Code Base] Siime Eye - 14.1.00000001.3.330.0.0.3.14
[Affected Component] Siime Eye
[Attack Type] Context-dependent
[Impact Information Disclosure] true
[Attack Vectors] A backup file must be found or created by an attacker in order to exploit this vulnerability.
[Reference] N/A
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Willem Westerhof, Jasper Nota, Edwin Gozeling from Qbit in assignment of the Consumentenbond Use CVE-2020-11918
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202407-2555",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siime eye",
"scope": "eq",
"trust": 1.0,
"vendor": "svakom",
"version": "14.1.00000001.3.330.0.0.3.14"
},
{
"model": "siime eye",
"scope": null,
"trust": 0.8,
"vendor": "svakom",
"version": null
},
{
"model": "siime eye",
"scope": "eq",
"trust": 0.8,
"vendor": "svakom",
"version": "siime eye firmware 14.1.00000001.3.330.0.0.3.14"
},
{
"model": "siime eye",
"scope": "eq",
"trust": 0.8,
"vendor": "svakom",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"db": "NVD",
"id": "CVE-2020-11918"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Willem Westerhof | Secura",
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.1
},
"cve": "CVE-2020-11918",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-11918",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-018372",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-11918",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2020-018372",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"db": "NVD",
"id": "CVE-2020-11918"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file. Svakom of Siime Eye The firmware contains a vulnerability related to plaintext storage of sensitive information.Information may be obtained and information may be tampered with. \n\n------------------------------------------\n\n[Vulnerability Type]\nIncorrect Access Control\n\n------------------------------------------\n\n[Vendor of Product]\nSvakom\n\n------------------------------------------\n\n[Affected Product Code Base]\nSiime Eye - 14.1.00000001.3.330.0.0.3.14\n\n------------------------------------------\n\n[Affected Component]\nSiime Eye\n\n------------------------------------------\n\n[Attack Type]\nContext-dependent\n\n------------------------------------------\n\n[Impact Information Disclosure]\ntrue\n\n------------------------------------------\n\n[Attack Vectors]\nA backup file must be found or created by an attacker in order to exploit this vulnerability. \n\n------------------------------------------\n\n[Reference]\nN/A\n\n------------------------------------------\n\n[Has vendor confirmed or acknowledged the vulnerability?]\ntrue\n\n------------------------------------------\n\n[Discoverer]\nWillem Westerhof, Jasper Nota, Edwin Gozeling from Qbit in assignment of the Consumentenbond\nUse CVE-2020-11918",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11918"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"db": "PACKETSTORM",
"id": "179797"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11918",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018372",
"trust": 0.8
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179797",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "PACKETSTORM",
"id": "179797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"db": "NVD",
"id": "CVE-2020-11918"
}
]
},
"id": "VAR-202407-2555",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"last_update_date": "2025-11-18T12:20:33.843000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"db": "NVD",
"id": "CVE-2020-11918"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://seclists.org/fulldisclosure/2024/jul/14"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11918"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "179797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"db": "NVD",
"id": "CVE-2020-11918"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "PACKETSTORM",
"id": "179797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"db": "NVD",
"id": "CVE-2020-11918"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-26T13:11:06",
"db": "OTHER",
"id": null
},
{
"date": "2024-07-30T12:35:43",
"db": "PACKETSTORM",
"id": "179797"
},
{
"date": "2025-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"date": "2024-11-07T18:15:15.450000",
"db": "NVD",
"id": "CVE-2020-11918"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-04-25T03:09:00",
"db": "JVNDB",
"id": "JVNDB-2020-018372"
},
{
"date": "2025-11-04T18:15:38.600000",
"db": "NVD",
"id": "CVE-2020-11918"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Svakom\u00a0 of \u00a0Siime\u00a0Eye\u00a0 Vulnerability related to plaintext storage of important information in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018372"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "info disclosure",
"sources": [
{
"db": "PACKETSTORM",
"id": "179797"
}
],
"trust": 0.1
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…