An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection.
1b4dfe24cfa2bbe9c0737b6cd595fc715eaa981c261cfb0dec4dc1161934e692
[Suggested description]
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14.
There is no CSRF protection.
------------------------------------------
[Additional Information]
The default settings make this attack theoretical rather than practical.
A lot of interaction takes place between the application and the end
user. For correct functioning, it is important to verify that requests
coming from the user actually represent the user's intention. The
application must therefore be able to distinguish forged requests from
legitimate ones. Currently no measures against Cross-Site Request
Forgery have been implemented and therefore users can be tricked into
submitting requests without their knowledge or consent. From the
application's point of view, these requests are legitimate requests
from the user and they will be processed as such. This can result in
the creation of additional (administrative) user accounts, without the
userĂ¢€™s knowledge or consent.
In order to execute a CSRF attack, a user must be tricked into visiting
an attacker controlled page, using the same browser that is
authenticated to the Siime Eye. As mostly the Hotspot from Siime Eye
will be used, users are unlikely to (be able to) access such pages
simultaneously.
------------------------------------------
[Vulnerability Type]
Cross Site Request Forgery (CSRF)
------------------------------------------
[Vendor of Product]
Svakom
------------------------------------------
[Affected Product Code Base]
Siime Eye - 14.1.00000001.3.330.0.0.3.14
------------------------------------------
[Affected Component]
Siime Eye, web interface
------------------------------------------
[Attack Type]
Context-dependent
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[CVE Impact Other]
Full device compromise.
------------------------------------------
[Reference]
N/A
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Willem Westerhof, Jasper Nota, Edwin Gozeling from Qbit in assignment of the Consumentenbond.
Use CVE-2020-11919.