Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
INIM ELECTRONICS SmartLiving System 操作系统命令注入漏洞
Vulnerability Description
INIM ELECTRONICS SmartLiving System是意大利INIM ELECTRONICS公司的一个应用系统。一个智能生活系统。 Inim Electronics SmartLiving SmartLAN/G/SI <=6.x 存在操作系统命令注入漏洞,攻击者可利用该漏洞可以使用默认凭据作为根用户远程执行系统命令。
CVSS Information
N/A
Vulnerability Type
N/A