PT-2026-1682 · Smartliving · Smartlan/G/Si

Sipke Mellema · Published 2026-01-07 · Updated 2026-01-08 · CVE-2019-25290

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Smartliving SmartLAN/G/SI versions 6.x and earlier

Description: Smartliving SmartLAN/G/SI software is affected by an unauthenticated server-side request forgery issue. The issue resides in the GetImage functionality and is triggered through the host parameter. An attacker can exploit the /onvif.cgi API endpoint by providing external domains, potentially bypassing firewalls and performing network enumeration via arbitrary HTTP requests.

Recommendations: Versions prior to 6.x should be updated.

Exploit

Fix

SSRF

Weakness Enumeration

Related identifiers

CVE-2019-25290

Affected products

Smartlan/G/Si