CVE-2019-25227
BaseFortify
Publication date: 2025-11-26
Last updated on: 2025-11-26
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tellion | hn-2204ap | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Tellion HN-2204AP routers where the /cgi-bin/system_config_file management endpoint allows anyone to remotely download a compressed configuration archive without needing to log in or have any authorization. This archive can contain sensitive information such as administrative credentials and wireless keys, which can be used by an attacker to further compromise the device or the network.
How can this vulnerability impact me? :
An attacker can exploit this vulnerability to obtain sensitive configuration data from the router, including administrative credentials and wireless keys. This can lead to unauthorized access to the device and the network it manages, potentially allowing the attacker to control the router, intercept network traffic, or launch further attacks within the network.