CVE-2019-25290

Sažetak

Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests.

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/172839
https://packetstormsecurity.com/files/155617
https://www.exploit-db.com/exploits/47764
https://www.inim.biz/
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

08-01-2026 - 18:08

Objavljeno

08-01-2026 - 00:15