iSmartAlarm Backend Server-Side Request Forgery

iSmartAlarm Backend suffers from a server-side request forgery vulnerability.

MD5 | b5d5cf63554a6ef5398768341cf415ec

[+] Credits: Ilia Shnaidman
[+] Source:

iSmartAlarm, inc.

iSmartAlarm Backend

iSmartAlarm is one of the leading IoT manufactures in the domain of smart alarm systems.
It provides a fully integrated alarm system with siren, smart cameras and locks.
It functions like any alarm system, but with the benefits of a connected device: alerts pop up on your phone,
offering you full remote control via mobile app wherever you are.

Vulnerability Type:
Server Side Request Forgery

CVE Reference:

Security Issue:
Open Redirection -
iSmartAlarm is not validating injection inside its api.

Attack Vectors:
One of the backend api's contains an SSRF which allows me to use it as a proxy.
An attacker can use iSmartAlarm's backend as a proxy server and potentially launch outbound attacks.

Network Access:


Disclosure Timeline:
Jan 30, 2017: Initial contact to vendor
Feb 1, 2017: Vendor replied, requesting details
Feb 2, 2017: Disclosure to vendor
Apr 12, 2017: After vendor didn't replied, I've approached CERT
Apr 13, 2017: Confirmed receipt by CERT and assigning CVEs
July 05, 2017: Public disclosure

Related Posts