CVE-2019-25472

HIGH

7.5

Descripcion

IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization.

Detalles CVE

Puntuacion CVSS v3.17.5

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado3/11/2026

Ultima modificacion3/12/2026

Fuentenvd

Avistamientos honeypot0

Debilidades (CWE)

CWE-73

Referencias

https://backend.intelbras.com/sites/default/files/integration/lamina_tip-200-lite_e_tip-200.pdf(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/47337(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/intelbras-telefone-ip-tip200-200-lite-arbitrary-file-read-via-dumpconfigfile(disclosure@vulncheck.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.