CVE-2019-25472 | THREATINT

Description

IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization.

PUBLISHED Reserved 2026-02-22 | Published 2026-03-11 | Updated 2026-03-11 | Assigner VulnCheck

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-73 External Control of File Name or Path

Product status

Default status

unaffected

affected

Default status

unaffected

affected

Credits

Todor Donev finder

References

www.exploit-db.com/exploits/47337 (ExploitDB-47337) exploit

backend.intelbras.com/...n/lamina_tip-200-lite_e_tip-200.pdf (Intelbras Product Documentation) product

www.vulncheck.com/...-arbitrary-file-read-via-dumpconfigfile (VulnCheck Advisory: IntelBras Telefone IP TIP200/200 LITE Arbitrary File Read via dumpConfigFile) third-party-advisory

cve.org (CVE-2019-25472)

nvd.nist.gov (CVE-2019-25472)

Download JSON