Sipke Mellema

**Name of the Vulnerable Software and Affected Versions** Smartliving SmartLAN/G/SI versions 6.x and earlier **Description** Smartliving SmartLAN/G/SI software is affected by an unauthenticated server-side request forgery issue. The issue resides in the GetImage functionality and is triggered through the `host` parameter. An attacker can exploit the `/onvif.cgi` API endpoint by providing external domains, potentially bypassing firewalls and performing network enumeration via arbitrary HTTP requests. **Recommendations** Versions prior to 6.x should be updated.

**Name of the Vulnerable Software and Affected Versions** NetIQ Access Manager versions prior to 5.0.1 NetIQ Access Manager versions prior to 4.5.4 **Description** The issue is caused by an injection attack, leading to a denial of service. **Recommendations** For versions prior to 5.0.1, update to version 5.0.1 or later. For versions prior to 4.5.4, update to version 4.5.4 or later.

**Name of the Vulnerable Software and Affected Versions** Inim Electronics Smartliving SmartLAN/G/SI versions prior to 7.x **Description** An Unauthenticated Server-Side Request Forgery (SSRF) issue exists within the GetImage functionality. The application uses user-supplied data in the `host` parameter to construct an image request through `onvif.cgi`. Since the `host` parameter is not validated, an attacker can specify an external domain, forcing the application to make an HTTP request to an arbitrary destination host. **Recommendations** For Inim Electronics Smartliving SmartLAN/G/SI versions prior to 7.x, consider validating the `host` parameter in the GetImage functionality to prevent SSRF attacks. As a temporary workaround, restrict access to the `onvif.cgi` service to minimize the risk of exploitation.