CVE-2019-25290

Summary

Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests.

Affected Software

VendorProductVersion RangeStatus
INIM Electronics s.r.l.Smartliving SmartLAN/G/SI<=6.0affected
INIM Electronics s.r.l.Smartliving SmartLAN/G/SI505affected
INIM Electronics s.r.l.Smartliving SmartLAN/G/SI515affected
INIM Electronics s.r.l.Smartliving SmartLAN/G/SI1050affected
INIM Electronics s.r.l.Smartliving SmartLAN/G/SI1050/G3affected
INIM Electronics s.r.l.Smartliving SmartLAN/G/SI10100Laffected
INIM Electronics s.r.l.Smartliving SmartLAN/G/SI10100L/G3affected

Weaknesses

  • CWE-918: Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References