CVE-2019-25290
Unauthenticated SSRF in Smartliving SmartLAN GetImage Function
Publication date: 2026-01-08
Last updated on: 2026-01-08
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| inim_electronics | smartliving_smartlan | g |
| inim_electronics | smartliving_smartlan | 505 |
| inim_electronics | smartliving_smartlan | 515 |
| inim_electronics | smartliving_smartlan | 1050 |
| inim_electronics | smartliving_smartlan | 1050/g3 |
| inim_electronics | smartliving_smartlan | 10100l |
| inim_electronics | smartliving_smartlan | 10100l/g3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25290 is an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the GetImage functionality of Inim Electronics Smartliving SmartLAN/G/SI systems version 6.x and earlier. The vulnerability arises because the application processes user input from the 'host' GET parameter without proper validation when constructing an image request via the onvif.cgi endpoint. This allows an attacker to specify arbitrary external domains or IP addresses, causing the device to make HTTP requests to unintended destinations. Essentially, an attacker can exploit this flaw to make the device send requests to other internal or external network resources. [1, 2]
How can this vulnerability impact me? :
This vulnerability can be exploited by attackers to bypass firewalls and perform internal network and service enumeration remotely through the affected device. Since the device can be induced to make HTTP requests to arbitrary hosts without authentication, attackers can use it as a pivot point to gather information about internal network resources that are otherwise inaccessible. This can lead to further attacks or reconnaissance activities against the internal network. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to exploit the SSRF via the onvif.cgi endpoint using the 'host' GET parameter. A proof-of-concept involves sending a crafted HTTP request to the onvif.cgi service with an arbitrary external domain in the 'host' parameter to see if the system makes HTTP requests to unintended destinations. For example, using curl to send a POST request with manipulated parameters to onvif.cgi can demonstrate the vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the onvif.cgi endpoint to trusted users or networks, implementing input validation or filtering on the 'host' parameter to prevent arbitrary external requests, and monitoring network traffic for unusual outbound HTTP requests initiated by the device. Additionally, disabling remote access features or the vulnerable functionality until a patch or update is available can reduce risk. [1, 2]