CVE-2020-11917

An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value, which makes it easier for remote attackers to discover the physical locations of many Siime Eye devices, violating the privacy of users who do not wish to disclose their ownership of this type of device. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.)

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://seclists.org/fulldisclosure/2024/Jul/14	Mailing List Third Party Advisory Exploit

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:svakom:svakom_siime_eye_firmware:14.1.00000001.3.330.0.0.3.14:*:*:*:*:*:*:*

cpe:2.3:h:svakom:svakom_siime_eye:-:*:*:*:*:*:*:*

History

24 Apr 2025, 13:42

Type	Values Removed	Values Added
First Time		Svakom svakom Siime Eye Svakom Svakom svakom Siime Eye Firmware
References	~~() https://seclists.org/fulldisclosure/2024/Jul/14 -~~	() https://seclists.org/fulldisclosure/2024/Jul/14 - Mailing List, Third Party Advisory, Exploit
CPE		cpe:2.3:o:svakom:svakom_siime_eye_firmware:14.1.00000001.3.330.0.0.3.14:::::::* cpe:2.3:h:svakom:svakom_siime_eye:-:::::::*

Information

Published : 2024-11-07 18:15

Updated : 2025-04-24 13:42

NVD link : CVE-2020-11917

Mitre link : CVE-2020-11917

CVE.ORG link : CVE-2020-11917

JSON object : View

Products Affected

svakom

svakom_siime_eye_firmware
svakom_siime_eye

CWE

CWE-1188

Initialization of a Resource with an Insecure Default

{"id": "CVE-2020-11917", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-11-07T18:15:15.370", "references": [{"url": "https://seclists.org/fulldisclosure/2024/Jul/14", "tags": ["Mailing List", "Third Party Advisory", "Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1188"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value, which makes it easier for remote attackers to discover the physical locations of many Siime Eye devices, violating the privacy of users who do not wish to disclose their ownership of this type of device. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.)"}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Siime Eye 14.1.00000001.3.330.0.0.3.14. Utiliza un valor SSID predeterminado, lo que facilita que los atacantes remotos descubran las ubicaciones f\u00edsicas de muchos dispositivos Siime Eye, violando la privacidad de los usuarios que no desean revelar su propiedad de este tipo de dispositivo. (Se pueden usar varios recursos como wigle.net para asignar SSID a ubicaciones f\u00edsicas)."}], "lastModified": "2025-04-24T13:42:09.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:svakom:svakom_siime_eye_firmware:14.1.00000001.3.330.0.0.3.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D510DDF7-9FAF-427A-A5F7-8B0DA1253AEF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:svakom:svakom_siime_eye:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EC39279C-49EA-4BA6-BA54-D12373D91C37"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}