CVE-2019-25291 | THREATINT

Description

INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models.

PUBLISHED Reserved 2026-01-06 | Published 2026-01-07 | Updated 2026-01-08 | Assigner VulnCheck

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Use of Hard-coded Credentials

Product status

<=6.x

affected

505

affected

515

affected

1050

affected

1050/G3

affected

10100L

affected

10100L/G3

affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5546.php (Zero Science Lab Vulnerability Advisory) third-party-advisory

www.exploit-db.com/exploits/47763 (Exploit Database Entry 47763) exploit

packetstormsecurity.com/files/155618 (Packet Storm Security Exploit File) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/172838 (IBM X-Force Vulnerability Exchange Entry) vdb-entry

www.inim.biz/ (INIM Vendor Homepage) product

cve.org (CVE-2019-25291)

nvd.nist.gov (CVE-2019-25291)

Download JSON