Inim Electronics Smartliving and SmartLAN Unauthenticated Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Inim Electronics Smartliving SmartLAN/G/SI versions 6.x and prior. The flaw is in the GetImage function, reached through the onvif.cgi endpoint, which does not properly validate the 'host' parameter. An unauthenticated attacker can therefore make the device issue HTTP requests to arbitrary, attacker-chosen hosts, including external domains, which can be used to bypass firewall restrictions and enumerate the network the device sits on.

Impact

Exploitation of this vulnerability could lead to unauthorized network access and information exposure. Because the requests originate from the device itself, an attacker can bypass firewall rules that block direct access and enumerate internal services and network resources.

Reproduction

The vulnerability can be reproduced by sending a POST request to the onvif.cgi endpoint with the 'mod' parameter set to 'GetImage' and the 'host' parameter set to an external domain. The application then issues an HTTP request to that domain, which confirms the SSRF.

Added: Jan 8, 2026, 12:24 AM
Updated: Jan 8, 2026, 12:24 AM

Vulnerability Rating

Custom Algorithm
  spread:         0.3
  impact:         7.5
  exploitability: 9.1
  remediation:    0.0
  relevance:      1.9
  threat:         6.4
  urgency:        2.9
  incentive:     10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.