ID
VAR-202407-2555
CVE
CVE-2020-11918
TITLE
Svakom of Siime Eye Vulnerability related to plaintext storage of important information in firmware
Trust: 0.8
DESCRIPTION
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file. Svakom of Siime Eye The firmware contains a vulnerability related to plaintext storage of sensitive information.Information may be obtained and information may be tampered with. ------------------------------------------ [Vulnerability Type] Incorrect Access Control ------------------------------------------ [Vendor of Product] Svakom ------------------------------------------ [Affected Product Code Base] Siime Eye - 14.1.00000001.3.330.0.0.3.14 ------------------------------------------ [Affected Component] Siime Eye ------------------------------------------ [Attack Type] Context-dependent ------------------------------------------ [Impact Information Disclosure] true ------------------------------------------ [Attack Vectors] A backup file must be found or created by an attacker in order to exploit this vulnerability. ------------------------------------------ [Reference] N/A ------------------------------------------ [Has vendor confirmed or acknowledged the vulnerability?] true ------------------------------------------ [Discoverer] Willem Westerhof, Jasper Nota, Edwin Gozeling from Qbit in assignment of the Consumentenbond Use CVE-2020-11918
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | svakom | model: | siime eye | scope: | eq | version: | 14.1.00000001.3.330.0.0.3.14 | Trust: 1.0 |
| vendor: | svakom | model: | siime eye | scope: | - | version: | - | Trust: 0.8 |
| vendor: | svakom | model: | siime eye | scope: | eq | version: | siime eye firmware 14.1.00000001.3.330.0.0.3.14 | Trust: 0.8 |
| vendor: | svakom | model: | siime eye | scope: | eq | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-312 | Trust: 1.0 |
| problemtype: | Plaintext storage of important information (CWE-312) [ others ] | Trust: 0.8 |
TYPE
info disclosure
Trust: 0.1
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-11918 | Trust: 2.8 |
| db: | JVNDB | id: | JVNDB-2020-018372 | Trust: 0.8 |
| db: | OTHER | id: | NONE | Trust: 0.1 |
| db: | PACKETSTORM | id: | 179797 | Trust: 0.1 |
REFERENCES
| url: | https://seclists.org/fulldisclosure/2024/jul/14 | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-11918 | Trust: 0.9 |
CREDITS
Willem Westerhof | Secura
Trust: 0.1
SOURCES
| db: | OTHER | id: | - |
| db: | JVNDB | id: | JVNDB-2020-018372 |
| db: | PACKETSTORM | id: | 179797 |
| db: | NVD | id: | CVE-2020-11918 |
LAST UPDATE DATE
2025-04-26T20:51:18.337000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2020-018372 | date: | 2025-04-25T03:09:00 |
| db: | NVD | id: | CVE-2020-11918 | date: | 2025-04-24T13:42:14.090 |
SOURCES RELEASE DATE
| db: | OTHER | id: | - | date: | 2024-07-26T13:11:06 |
| db: | JVNDB | id: | JVNDB-2020-018372 | date: | 2025-04-25T00:00:00 |
| db: | PACKETSTORM | id: | 179797 | date: | 2024-07-30T12:35:43 |
| db: | NVD | id: | CVE-2020-11918 | date: | 2024-11-07T18:15:15.450 |