PT-2021-9427 · Svakom · Svakom Siime Eye

Beau Du Jour · Published 2021-02-08 · Updated 2024-07-30 · CVE-2020-11920

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Svakom Siime Eye version 14.1.00000001.3.330.0.0.3.14

Description

A command injection issue resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. Bash commands injected via shell metacharacters are executed by the device as arbitrary code with root privileges, because all of the device's services run as root.

Recommendations

For Svakom Siime Eye version 14.1.00000001.3.330.0.0.3.14, consider disabling the webserver or restricting access to the NFS settings menu as a temporary workaround until a patch is available. Avoid using the HOST/IP section of the NFS settings menu until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-11920

Affected Products

Svakom Siime Eye