Filtered by vendor Svakom Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-11920 1 Svakom 3 Siime Eye, Siime Eye Firmware, Svakom Siime Eye 2024-11-21 9.8 Critical
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device's services are running as root).
CVE-2020-11915 1 Svakom 3 Siime Eye, Siime Eye Firmware, Svakom Siime Eye Firmware 2024-11-21 6.8 Medium
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface on the device. The telnet interface can then be used to obtain access to the device with root privileges via a reecam4debug default password. This default telnet password is the same across all Siime Eye devices. In order for the attack to be exploited, an attacker must be physically close in order to connect to the device's Wi-Fi access point.
CVE-2020-11919 1 Svakom 1 Svakom Siime Eye Firmware 2024-11-08 8 High
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection.