CVE-2020-11915

Name of the Vulnerable Software and Affected Versions Svakom Siime Eye version 14.1.00000001.3.330.0.0.3.14

Description An issue was discovered in the Svakom Siime Eye device. By sending a "set params.cgi?telnetd=1&save=1&reboot=1" request to the webserver, it is possible to enable the telnet interface on the device. The telnet interface can then be used to obtain access to the device with root privileges via a reecam4debug default password. This default telnet password is the same across all Siime Eye devices. In order for the attack to be exploited, an attacker must be physically close in order to connect to the device's Wi-Fi access point.

Recommendations As a temporary workaround, consider disabling the telnet interface on the device until a patch is available. To prevent exploitation, restrict access to the device's Wi-Fi access point to minimize the risk of unauthorized access. Avoid using the default reecam4debug password for the telnet interface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.