Volerion logoVolerion
Volerion logoVolerion

Inim Electronics Smartliving and SmartLAN Hard-Coded Credentials Vulnerability

Vulnerability

A vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI versions 6.x and prior, due to hard-coded credentials embedded in the Linux distribution image. These credentials, which provide Telnet, SSH, and FTP access, cannot be altered through normal device operations. As a result, attackers can exploit this vulnerability to gain unauthorized system access across various SmartLiving device models.

Impact

Exploitation of this vulnerability allows for unauthorized system access via Telnet, SSH, and FTP. Additionally, according to the vendor, this vulnerability could lead to a denial-of-service.

Reproduction

The vulnerability can be reproduced by accessing the device via Telnet, SSH, or FTP using the hard-coded credentials. Once logged in, the credentials can be verified by checking the password hashes, which reveal the root password as 'pass'.

Added: Jan 8, 2026, 12:23 AM
Updated: Jan 8, 2026, 12:23 AM

Vulnerability Rating

Custom Algorithm
spread
0.3
impact
7.5
exploitability
9.1
remediation
0.0
relevance
1.9
threat
6.4
urgency
2.9
incentive
9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.