Description
Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in the system.cgi and wizard_system.cgi pages. An attacker who authenticates, for example with the default credentials, can use the 'NTP_Server_IP' parameter to execute arbitrary shell commands as root.
CVSS breakdown
CVSS 4.0 (vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: Low
- User Interaction: None
- Confidentiality (Vulnerable System): High
- Integrity (Vulnerable System): High
- Availability (Vulnerable System): High
- Confidentiality (Subsequent System): None
- Integrity (Subsequent System): None
- Availability (Subsequent System): None
CVSS 3.1 (vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- CAYIN Technology / SMP-1000, version 1.0 Build 14099 – 1.0 Build 14099
- CAYIN Technology / SMP-200, version 1.0 Build 13080 – 1.0 Build 13080
- CAYIN Technology / SMP-200, version 1.0 Build 12331 – 1.0 Build 12331
- CAYIN Technology / SMP-2000, version 1.0 Build 14087 – 1.0 Build 14087
- CAYIN Technology / SMP-2000, version 1.0 Build 14167 – 1.0 Build 14167
- CAYIN Technology / SMP-2100, version 10.0 Build 16228 – 10.0 Build 16228
- CAYIN Technology / SMP-2100, version 3.0 – 3.0
- CAYIN Technology / SMP-2200, version 3.0 Build 19029 – 3.0 Build 19029
- CAYIN Technology / SMP-2200, version 3.0 Build 19025 – 3.0 Build 19025
- CAYIN Technology / SMP-2210, version 3.0 Build 19025 – 3.0 Build 19025
- CAYIN Technology / SMP-2300, version 3.0 Build 19316 – 3.0 Build 19316
- CAYIN Technology / SMP-2310, version 3.0 – 3.0
- CAYIN Technology / SMP-300, version 1.0 Build 14177 – 1.0 Build 14177
- CAYIN Technology / SMP-4000, version 1.0 Build 14087 – 1.0 Build 14087
- CAYIN Technology / SMP-4000, version 1.0 Build 14092 – 1.0 Build 14092
- CAYIN Technology / SMP-4000, version 1.0 Build 14098 – 1.0 Build 14098
- CAYIN Technology / SMP-6000, version 1.0 Build 14062 – 1.0 Build 14062
- CAYIN Technology / SMP-6000, version 1.0 Build 14069 – 1.0 Build 14069
- CAYIN Technology / SMP-6000, version 1.0 Build 14090 – 1.0 Build 14090
- CAYIN Technology / SMP-6000, version 1.0 Build 14097 – 1.0 Build 14097
- CAYIN Technology / SMP-6000, version 1.0 Build 14167 – 1.0 Build 14167
- CAYIN Technology / SMP-6000, version 1.0 Build 14199 – 1.0 Build 14199
- CAYIN Technology / SMP-6000, version 1.0 Build 14246 – 1.0 Build 14246
- CAYIN Technology / SMP-6000, version 3.0 Build 19025 – 3.0 Build 19025
- CAYIN Technology / SMP-8000, version 3.0 – 3.0
- CAYIN Technology / SMP-8000QD, version 3.0 – 3.0
- CAYIN Technology / SMP-NEO, version 1.0 – 1.0
- CAYIN Technology / SMP-NEO2, version 1.0 – 1.0
- CAYIN Technology / SMP-PRO4, version 1.0 – 1.0
- CAYIN Technology / SMP-PROPLUS, version 1.5 Build 10081 – 1.5 Build 10081
- CAYIN Technology / SMP-WEB4, version 2.0 Build 13073 – 2.0 Build 13073
- CAYIN Technology / SMP-WEB4, version 2.0 Build 11175 – 2.0 Build 11175
- CAYIN Technology / SMP-WEB4, version 1.5 Build 11476 – 1.5 Build 11476
- CAYIN Technology / SMP-WEB4, version 1.5 Build 11126 – 1.5 Build 11126
- CAYIN Technology / SMP-WEB4, version 1.0 Build 10301 – 1.0 Build 10301
- CAYIN Technology / SMP-WEBPLUS, version 6.5 Build 11126 – 6.5 Build 11126
References
- EXPLOIT: https://www.exploit-db.com/exploits/48557
- MISC: https://www.cayintech.com
- MISC: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5569.php
- MISC: https://packetstorm.news/files/id/157942
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/182924
- MISC: https://cxsecurity.com/issue/WLB-2020060049
- VENDOR_ADVISORY: https://www.vulncheck.com/advisories/cayin-signage-media-player-authenticated-remote-command-injection-via-ntp-parameter