[Suggested description]
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a specific request to the webserver, it is possible to enable the telnet interface on the device. The telnet interface can then be used to obtain access to the device with root privileges and a default password. This default telnet password is the same across all Siime Eye devices. To exploit the issue, an attacker must be physically close enough to connect to the device's Wi-Fi access point.

------------------------------------------

[Additional Information]
The vulnerability was first discovered by Pentest Partners; it was later also discovered by Qbit, as the issues remain unaddressed by the vendor. The default telnet password is the same across all Siime Eye devices and possibly even across all devices created by this developer.

------------------------------------------

[Vulnerability Type]
Incorrect Access Control

------------------------------------------

[Vendor of Product]
Svakom

------------------------------------------

[Affected Product Code Base]
Siime Eye - 14.1.00000001.3.330.0.0.3.14

------------------------------------------

[Affected Component]
Siime Eye device

------------------------------------------

[Attack Type]
Physical

------------------------------------------

[Impact Code execution]
true

------------------------------------------

[Attack Vectors]
An attacker must first obtain access to the Wi-Fi access point of the device, after which the exploit can be done using simple network commands.

------------------------------------------

[Reference]
https://www.pentestpartners.com/security-blog/vulnerable-wi-fi-dildo-camera-endoscope-yes-really/
N/A

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Willem Westerhof, Jasper Nota, Edwin Gozeling from Qbit during an assignment for the Consumentenbond.
Unknown personnel at Pentest Partners who did not request a CVE back then.

Use CVE-2020-11915.