High severity8.8NVD Advisory· Published Apr 29, 2021· Updated Jun 17, 2026
CVE-2020-21992
CVE-2020-21992
Description
Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Inim Electronics SmartLiving/SmartLAN/G/SIdescription
- Range: <=6.x
Patches
Vulnerability mechanics
References
1- www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.phpnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.