Inim Electronics S.R.L Smartliving Smartlan G Si vulnerabilities
3 known vulnerabilities affecting inim_electronics_s.r.l/smartliving_smartlan_g_si.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2019-25289P2HIGHCVSS 8.8v<=6.0v505+5 more2026-01-08
CVE-2019-25289 [HIGH] CWE-78 CVE-2019-25289: SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the w
SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root privileges using default credentials.
nvd
CVE-2019-25291P3HIGHCVSS 7.5v<=6.0v505+5 more2026-01-08
CVE-2019-25291 [HIGH] CWE-798 CVE-2019-25291: INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distri
INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models.
nvd
CVE-2019-25290P3MEDIUMCVSS 5.3v<=6.0v505+5 more2026-01-08
CVE-2019-25290 [MEDIUM] CWE-918 CVE-2019-25290: Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerabilit
Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests.
nvd