CVE-2020-11915

MEDIUM

Svakom Siime Eye <14.1 - Privilege Escalation

Title source: llm

Description

An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface on the device. The telnet interface can then be used to obtain access to the device with root privileges via a reecam4debug default password. This default telnet password is the same across all Siime Eye devices. In order for the attack to be exploited, an attacker must be physically close in order to connect to the device's Wi-Fi access point.

References (2)

[Mailing List] http://seclists.org/fulldisclosure/2024/Jul/14

[Exploit, Third Party Advisory] https://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoscope-yes-really/

Scores

CVSS v3 6.8

EPSS 0.0029

EPSS Percentile 52.6%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1188

Status published

Products (1)

svakom/siime_eye_firmware 14.1.00000001.3.330.0.0.3.14

Published Feb 08, 2021

Tracked Since Feb 18, 2026