PT-2026-1682 · Smartliving · Smartlan/G/Si
Sipke Mellema · Published 2026-01-07 · Updated 2026-01-08
CVE-2019-25290
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Smartliving SmartLAN/G/SI versions 6.x and earlier
Description
Smartliving SmartLAN/G/SI software is affected by an unauthenticated server-side request forgery issue. The issue resides in the GetImage functionality and is triggered through the host parameter. An attacker can exploit the /onvif.cgi API endpoint by providing external domains, potentially bypassing firewalls and performing network enumeration via arbitrary HTTP requests.
Recommendations
Versions prior to 6.x should be updated.
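A log check for the behaviour described above, added here as an example and not taken from the advisory or the vendor: it flags requests to /onvif.cgi whose host value is not a configured camera. The camera allowlist, the combined access-log format and the host value appearing in the logged query string are assumptions, since the advisory does not give the request layout.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: addresses of the cameras this panel is configured to poll.
KNOWN_CAMERAS = {ipaddress.ip_address("192.168.1.50")}

# Client address and request target from a combined-format access log line.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not taken from a real device).
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Jan/2026:10:00:01 +0000] "GET /onvif.cgi?host=192.168.1.50 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [07/Jan/2026:10:00:02 +0000] "GET /onvif.cgi?host=example.org HTTP/1.1" 200 312',
    '203.0.113.7 - - [07/Jan/2026:10:00:03 +0000] "GET /onvif.cgi?host=127.0.0.1:8080 HTTP/1.1" 200 98',
    '198.51.100.4 - - [07/Jan/2026:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 2048',
]

def classify_host(value):
    """Return None for a configured camera, otherwise the reason to flag it."""
    try:
        host = urlsplit(value if "://" in value else "//" + value).hostname
    except ValueError:
        host = None
    if not host:
        return "empty or unparsable host"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "domain name instead of a configured camera address"
    if addr in KNOWN_CAMERAS:
        return None
    if addr.is_loopback or addr.is_link_local:
        return "loopback or link-local address"
    return "address is not a configured camera"

def find_suspicious(lines):
    """Return (client, host value, reason) for each flagged /onvif.cgi request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        target = urlsplit(m.group("target"))
        if target.path != "/onvif.cgi":
            continue
        for value in parse_qs(target.query, keep_blank_values=True).get("host", []):
            reason = classify_host(value)
            if reason:
                hits.append((m.group("client"), value, reason))
    return hits
```

Because the issue is unauthenticated, any client address in the log can produce these entries, so the check keys on the host value rather than on who sent the request.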
Exploit
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Smartlan/G/Si