CVE-2019-25472

CVE Database · CVE-2019-25472

CVE-2019-25472

· HIGHAwaiting Analysis

CVSS v3.1

7.5

CVSS v4.0

8.7

EPSS

0.30%

Published

Mar 11, 2026

Modified

Mar 12, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-73

References (3)

https://backend.intelbras.com/sites/default/files/integration/lamina_tip-200-lite_e_tip-200.pdf

https://www.exploit-db.com/exploits/47337

https://www.vulncheck.com/advisories/intelbras-telefone-ip-tip200-200-lite-arbitrary-file-read-via-dumpconfigfile

KEV Catalog EPSS Scores Vendors All CVEs