Description

DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (`frame.html` and `frame.A100.html`) that accept a path parameter (`content` or `sidebar`) which is not properly validated or canonicalized before use. An attacker can supply directory-traversal sequences in that parameter to make the server read and return arbitrary filesystem files that the web server user can access. Other GoIP models and firmware versions are likely affected. Exploitation evidence was observed by the Shadowserver Foundation on 2024-03-21 UTC.
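The description above names the root cause (a path parameter used without canonicalization) and the two affected handlers and parameter names. The following is an added example, not code from DBLTek or from the advisory: it contrasts a naive include path with a canonicalizing check that keeps the resolved file inside the web root, and runs the same check over a few constructed access-log lines to flag requests where `content` or `sidebar` escapes the root. The web root `/var/www/html`, the log format and the sample log lines are assumptions; the device's real paths are not on the page.

```python
"""Hardened path resolution and log-based detection for a `content`/`sidebar`
style include parameter (added example; web root, log format and log lines
are constructed assumptions, not the device's real configuration)."""
import posixpath
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

WEB_ROOT = "/var/www/html"            # assumed web root (not from the advisory)
PATH_PARAMS = ("content", "sidebar")  # parameter names named in the description
HANDLERS = ("frame.html", "frame.A100.html")  # handlers named in the description


def naive_include(param: str, web_root: str = WEB_ROOT) -> str:
    """The vulnerable pattern: plain concatenation, so any '..' walks out of the root."""
    return web_root + "/" + param


def safe_include(param: str, web_root: str = WEB_ROOT) -> Optional[str]:
    """Return the canonical path under web_root, or None if the value escapes it."""
    if not param:
        return None
    # Decode twice so double-encoded separators ('%252e') are seen as well.
    decoded = unquote(unquote(param))
    # A NUL byte can truncate the path in C string APIs; reject it outright.
    if "\x00" in decoded:
        return None
    root = posixpath.normpath(web_root)
    # Join relative to the root, then collapse '.', '..' and repeated separators.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # After normalization the path must still be the root or a descendant of it.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


# Common Log Format with request target captured (constructed format assumption).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def flag_traversal(log_line: str, web_root: str = WEB_ROOT) -> Optional[dict]:
    """Flag a request to one of the handlers whose path parameter escapes the web root."""
    m = LOG_RE.match(log_line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if posixpath.basename(parts.path) not in HANDLERS:
        return None
    query = parse_qs(parts.query, keep_blank_values=True)  # decodes one layer of %xx
    for name in PATH_PARAMS:
        for value in query.get(name, []):
            if safe_include(value, web_root) is None:
                return {"ip": m.group("ip"), "ts": m.group("ts"), "param": name,
                        "value": value, "status": m.group("status")}
    return None


def scan_log(lines, web_root: str = WEB_ROOT) -> list:
    """Run flag_traversal over an iterable of log lines and return the hits."""
    return [hit for hit in (flag_traversal(line, web_root) for line in lines) if hit]


# Constructed sample log lines (RFC 5737 documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Mar/2024:10:00:01 +0000] "GET /frame.html?content=status.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [21/Mar/2024:10:00:02 +0000] "GET /frame.html?content=../../../etc/passwd HTTP/1.1" 200 1480',
    '198.51.100.9 - - [21/Mar/2024:10:00:03 +0000] "GET /frame.A100.html?sidebar=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 900',
    '198.51.100.9 - - [21/Mar/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['param']}={hit['value']!r} status={hit['status']}")
```

The check is purely lexical (`normpath`), which is enough to reject traversal sequences; on a real host the handler should additionally resolve the candidate with `os.path.realpath` so that a symlink inside the web root cannot point outside it. The log scan reuses the same `safe_include` logic, so detection and prevention agree on what counts as an escape.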

Published. Reserved: 2025-11-12 | Published: 2025-11-12 | Updated: 2025-11-13 | Assigner: VulnCheck

HIGH: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)

Problem types

CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status: unknown

Any version: affected

Timeline

2022-02-15: Researcher publicly discloses vulnerability.

Credits

Valtteri Lehtinen (finder)

Lassi Korhonen (finder)

References

www.exploit-db.com/exploits/50775 (exploit)

shufflingbytes.com/posts/hacking-goip-gsm-gateway/ (technical-description, exploit)

www.dbltek.com/ (product)

www.vulncheck.com/advisories/dbltek-goip-unauthenticated-lfi (third-party-advisory)

cve.org (CVE-2022-4982)

nvd.nist.gov (CVE-2022-4982)
