How severe is CVE-2019-25290?

CVE-2019-25290 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2019-25290

5.3MEDIUM

Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi en

Publicado: 1/8/2026Atualizado: 1/8/2026

Descrição

Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests.

Análise IADesenvolvido por IA

Referências

https://exchange.xforce.ibmcloud.com/vulnerabilities/172839
https://packetstormsecurity.com/files/155617
https://www.exploit-db.com/exploits/47764
https://www.inim.biz/
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php