CVE-2019-25291

critical

Description

INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models.

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5546.php

https://www.inim.biz/

https://www.exploit-db.com/exploits/47763

https://packetstormsecurity.com/files/155618

https://exchange.xforce.ibmcloud.com/vulnerabilities/172838

Details

Source: Mitre, NVD

Published: 2026-01-08

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.0003