PT-2025-48191 · Tellion · Tellion Hn-2204Ap
Todor Donev
·
Published
2025-11-26
·
Updated
2025-11-27
·
CVE-2019-25227
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Tellion HN-2204AP routers (affected versions not specified)
Description
Tellion HN-2204AP routers have an issue where the
/cgi-bin/system config file management endpoint allows remote retrieval of a compressed configuration archive without authentication or authorization. The exposed configuration may contain administrative credentials, wireless keys, and other sensitive settings. This could allow an unauthenticated attacker to obtain information that could facilitate further compromise of the device or network.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tellion Hn-2204Ap