CVE-2019-25465

Summary

Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and network configuration parameters including usernames, passwords, and DNS settings.

Affected Software

VendorProductVersion RangeStatus
HisiliconHiIpcamV100R003affected

Weaknesses

  • CWE-260: CWE-260 Password in Configuration File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References