Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Svakom Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-11915 1 Svakom 2 Siime Eye, Siime Eye Firmware 2021-07-21 4.6 MEDIUM 6.8 MEDIUM
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface on the device. The telnet interface can then be used to obtain access to the device with root privileges via a reecam4debug default password. This default telnet password is the same across all Siime Eye devices. In order for the attack to be exploited, an attacker must be physically close in order to connect to the device's Wi-Fi access point.
CVE-2020-11920 1 Svakom 2 Siime Eye, Siime Eye Firmware 2021-02-11 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device's services are running as root).