Early Access — Mondoo Vulnerability Intelligence is currently in preview.
Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests.
Exploitability
AV:NAC:LAT:NPR:NUI:NVulnerable System
VC:NVI:LVA:NSubsequent System
SC:LSI:LSA:L6.9/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:LInput Validation