Detections
Analytics

CVE-2019-25290

medium

Description

Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests.

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php

https://www.inim.biz/

https://www.exploit-db.com/exploits/47764

https://packetstormsecurity.com/files/155617

https://exchange.xforce.ibmcloud.com/vulnerabilities/172839

Details

Source: Mitre, NVD

Published: 2026-01-08

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

Severity: Medium

EPSS

EPSS: 0.00027