CVE-2019-25472

Name of the Vulnerable Software and Affected Versions IntelBras Telefone IP TIP200 and 200 LITE (affected versions not specified)

Description The IntelBras Telefone IP TIP200 and 200 LITE devices have an issue allowing unauthorized reading of arbitrary files. This is due to a flaw in the dumpConfigFile() function, which is accessible through the cgiServer.exx endpoint. An attacker can exploit this by sending GET requests to the /cgi-bin/cgiServer.exx API endpoint with the command parameter set to dumpConfigFile(). This allows the attacker to read sensitive files, such as /etc/shadow and configuration files, without authentication.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.