CVE-2020-22002

CVE-2020-22002

An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter ‘host’ to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host.

Source: CVE-2020-22002

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다