ID

VAR-202407-2661


CVE

CVE-2020-11916


TITLE

Svakom Siime Eye firmware vulnerability related to the use of cryptographic algorithms

Trust: 0.8

sources: JVNDB: JVNDB-2020-018374

DESCRIPTION

An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased.

The Svakom Siime Eye firmware contains a vulnerability related to the use of cryptographic algorithms. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

[Vulnerability Type] Incorrect Access Control
[Vendor of Product] Svakom
[Affected Product Code Base] Siime Eye - 14.1.00000001.3.330.0.0.3.14
[Affected Component] Siime Eye linux password hashes
[Attack Type] Context-dependent
[Impact Information Disclosure] true
[Attack Vectors] The hash can be obtained using various techniques (e.g. through command injection).
[Reference] N/A
[Discoverer] Willem Westerhof, Jasper Nota, Edwin Gozeling from Qbit in assignment of the Consumentenbond.

Use CVE-2020-11916

Trust: 1.71

sources: NVD: CVE-2020-11916 // JVNDB: JVNDB-2020-018374 // PACKETSTORM: 179795

AFFECTED PRODUCTS

vendor: svakom | model: siime eye | scope: eq | version: 14.1.00000001.3.330.0.0.3.14

Trust: 1.0

vendor: svakom | model: siime eye | scope: - | version: -

Trust: 0.8

vendor: svakom | model: siime eye | scope: eq | version: siime eye firmware 14.1.00000001.3.330.0.0.3.14

Trust: 0.8

vendor: svakom | model: siime eye | scope: eq | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-018374 // NVD: CVE-2020-11916

CVSS

SEVERITY

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2020-11916
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2020-018374
value: MEDIUM

Trust: 0.8

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2020-11916
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2020-018374
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-018374 // NVD: CVE-2020-11916

PROBLEMTYPE DATA

problemtype: CWE-327

Trust: 1.0

problemtype: Use of incomplete or dangerous cryptographic algorithms (CWE-327) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2020-018374 // NVD: CVE-2020-11916

TYPE

root

Trust: 0.1

sources: PACKETSTORM: 179795

EXTERNAL IDS

db: NVD | id: CVE-2020-11916

Trust: 2.8

db: JVNDB | id: JVNDB-2020-018374

Trust: 0.8

db: OTHER | id: NONE

Trust: 0.1

db: PACKETSTORM | id: 179795

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-018374 // PACKETSTORM: 179795 // NVD: CVE-2020-11916

REFERENCES

url: https://seclists.org/fulldisclosure/2024/jul/14

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2020-11916

Trust: 0.9

sources: JVNDB: JVNDB-2020-018374 // PACKETSTORM: 179795 // NVD: CVE-2020-11916

CREDITS

Willem Westerhof | Secura

Trust: 0.1

sources: OTHER: None

SOURCES

db: OTHER | id: -
db: JVNDB | id: JVNDB-2020-018374
db: PACKETSTORM | id: 179795
db: NVD | id: CVE-2020-11916

LAST UPDATE DATE

2025-04-26T20:48:50.082000+00:00


SOURCES UPDATE DATE

db: JVNDB | id: JVNDB-2020-018374 | date: 2025-04-25T05:33:00
db: NVD | id: CVE-2020-11916 | date: 2025-04-24T13:41:33.143

SOURCES RELEASE DATE

db: OTHER | id: - | date: 2024-07-26T13:11:06
db: JVNDB | id: JVNDB-2020-018374 | date: 2025-04-25T00:00:00
db: PACKETSTORM | id: 179795 | date: 2024-07-30T12:35:43
db: NVD | id: CVE-2020-11916 | date: 2024-11-07T18:15:15.310